Service Worker: Disallow CORS responses for same-origin requests.
With this change, a service worker can no longer respond to a request whose mode is 'same-origin' with a response whose type is 'cors'. This is a security measure added to the Fetch specification via https://github.com/whatwg/fetch/issues/629 and https://github.com/whatwg/fetch/pull/655.
Status in Chromium
Enabled by default (tracking bug) in:
- Chrome for desktop release 66
- Chrome for Android release 66
- Android WebView release 66
Consensus & Standardization
Last updated on 2018-03-28