From 49a86c7cbf7905d7cb67e1e69e2922040658a279 Mon Sep 17 00:00:00 2001 From: Rosa Gutierrez Date: Tue, 3 Mar 2026 15:59:25 +0000 Subject: [PATCH] Enable CORS fetch mode for storage requests The load balancer now returns a specific `Access-Control-Allow-Origin` instead of a wildcard, so credentials can be included by default. This enables `maxEntrySize` enforcement for storage. Co-Authored-By: Claude Opus 4.6 --- app/views/pwa/service_worker.js.erb | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/app/views/pwa/service_worker.js.erb b/app/views/pwa/service_worker.js.erb index 095595f4e..41fac1446 100644 --- a/app/views/pwa/service_worker.js.erb +++ b/app/views/pwa/service_worker.js.erb @@ -42,7 +42,8 @@ TurboOffline.addRule({ maxAge: 60 * 60 * 24 * 7, networkTimeout: 2, maxEntrySize: 2 * 1024 * 1024, // 2MB covers about 95% of all Fizzy blobs - maxEntries: 500 + maxEntries: 500, + fetchOptions: { mode: "cors" } }) })