I’ve recently started getting CORB warnings in Chrome. Here are the logs:
xhr.js:178 Cross-Origin Read Blocking (CORB) blocked cross-origin response https://my.api.mockaroo.com/collection/5?key=0000000 with MIME type text/plain. See Chrome Platform Status for more details.
From the Chrome page:
Cross-Origin Read Blocking (CORB)
Security
Cross-Origin Read Blocking (CORB) is an algorithm that can identify and block dubious cross-origin resource loads in web browsers before they reach the web page. CORB reduces the risk of leaking sensitive data by keeping it further from cross-origin web pages. In most browsers, it keeps such data out of untrusted script execution contexts. In browsers with Site Isolation, it can keep such data out of untrusted renderer processes entirely, helping even against side channel attacks like Spectre.
Comments
Web developers can learn more about how CORB affects their sites at Cross-Origin Read Blocking for Web Developers.
Chrome 73 changes to cross-origin requests in chrome extension content scripts are described at Changes to Cross-Origin Requests in Chrome Extension Content Scripts
Demo
CORB demo
Documentation
Cross-Origin Read Blocking (CORB)
Cross-Origin Read Blocking for Web Developers
Cross-Origin Read Blocking (CORB) · Issue #681 · whatwg/fetch · GitHub