CORB OPTIONS Requests Blocked in Chrome 73

I have gotten to the bottom of these CORB warnings.

The issue is related, in part, to my use of the content-type-options: nosniff header. I set this header in order to stop the browser from trying to sniff the content-type itself, thereby removing mime-type trickery, namely with user-uploaded files, as an attack vector.

The other part of this, is related to the content-type being returned application/json;charset=utf-8. Per Google's documentation, it notes:

A response served with a "X-Content-Type-Options: nosniff" response header and an incorrect "Content-Type" response header, may be blocked.

Based on this, I set out to double check IANA's site on acceptable media types. To my surprise, I discovered that no charset parameter was ever actually defined in any RFC for the application/json type, and further notes:

No "charset" parameter is defined for this registration. Adding one really has no effect on compliant recipients.

Based on this, I removed the charset from the content-type: application/json and can confirm the CORB warnings stopped in Chrome.

In conclusion, it would appear that per a recent Chrome release, Google has opted to start treating the mime-type more strictly than it has in the past.

Lastly, as a side note, the reason all of our application requests still succeeds, is because it appears Cross-Origin Read Blocking isnt actually enforced in Chrome:

In most cases, the blocked response should not affect the web page's behavior and the CORB error message can be safely ignored.