Cross domain: the cache manifest itself

I recently embarked on building a web application that runs completely offline on mobile devices.

Our set up was this:

The CMS and API run off an EC2 server on a domain A;
The assets are published to a S3 bucket on domain B;
The web app is hosted on a S3 static website bucket on domain C.

I'm not able to cross domain the cache manifest itself (since it is a dynamic file its location cannot be changed).

How can I cache the file without being the cache.manifest file location changed?

Solution

W3C says cross-domain is allowed with the manifest:

The manifest-src and default-src directives govern the origins from which a user agent can fetch a manifest. As with other directives, by default the manifest-src directive is *, meaning that a user agent can, [CORS] permitting, fetch the manifest cross-domain. Remote origins (e.g., a CDN) wanting to host manifests for various web applications will need to include the appropriate [CORS] response header in their HTTP response (e.g., Access-Control-Allow-Origin: https://example.com).

You can check if the Access-Control-Allow-Origin response header is present with the manifest. For example:

HTTP/1.1 200 OK
[...]
Access-Control-Allow-Origin: http://example.com
[...]