Blog

Service workers, fetch(), and CORS: interception limits you should know

Workers can intercept navigations and same-origin fetches, but cross-origin requests still follow browser CORS rules.

Published: 2025-05-30Updated: 2025-06-051 min read

service-workerpwacors

Scope and same-origin

Service workers run in a separate context with their own lifecycle; they cannot override CORS decisions made by the browser for opaque responses.

Caching strategies should store responses you are legally allowed to persist—respect Vary: Origin when applicable.

Pre-cache static assets on your origin; for APIs, prefer explicit same-origin wrappers or documented proxies.

Test update flows so a bad worker version does not strand users without CORS-aware fallbacks.