Cache assets from a CMS for offline PWA?

I'm writing a web media viewer for images/videos and I need to cache that media for offline use.

I have a manifest and service worker so it can be installed as a PWA, and I'm trying to cache media from a list of URLs with esentially:

let cache = await window.caches.open('pwa-assets');
for(let url of allAssetURLs) {
  await cache.add(url);
}

This seems to work fine for local assets, but if those URLs are on a different domain (from a CMS/CDN) I get this CORS error.

> Access to fetch at 'https://storage.googleapis.com/....appspot.com/...example.mp4' from origin 'https://127.0.0.1:4173' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

Web.dev has a note that cross-domain caching is possible here, but doesn't say much about it.

The URLs I'm trying to cache are for files store in google cloud storage, for example:

> https://storage.googleapis.com/....appspot.com/...example.mp4

These do work if used in <img/> or <video/> tags, so I don't think it's a CORS header issue on the CDN.

You write:

> These do work if used in <img/> or <video/> tags, so I don't think it's a CORS header issue on the CDN.

Loading such subresources across origins is by default compatible with the Same-Origin Policy (SOP) and doesn't trigger CORS errors. See the relevant section of the MDN Web Docs about the SOP:

> Here are some examples of resources which may be embedded cross-origin: [...]
>
> - Images displayed by <img>.
> - Media played by <video> and <audio>.

You write:

> This seems to work fine for local assets, but if those URLs are on a different domain (from a CMS/CDN) I get this CORS error.

Invoking the add method on a Cache results in a GET request. If its argument is on a different origin, the resource in question needs to be configured for CORS or you'll get a CORS error, as you've experienced. See the note in the relevant MDN Web Docs:

> Note that for opaque filtered responses [...]
> we can't access to [sic] the response headers, so this check
> will always fail and the font won't be cached. [...]
> It is something to keep in mind if you're attempting to
> cache other resources from a cross-origin domain that
> doesn't support CORS, though!

You write:

> The URLs I'm trying to cache are for files store in google cloud storage, for example https://storage.googleapis.com/....appspot.com/...example.mp4.

This page of the Google Storage documentation explains how to configure CORS for your bucket(s), assuming those buckets are indeed yours. Otherwise, you're out of luck and won't be able to cache those resources on the client side.