Thank you for the comment :) I agree it’s not ideal solution, but it’s the only one we got if we want to support all browsers. While not perfect for all, might be just enough for some projects.
Can you point me to some resources on these issues? I tried to search for it and the only thing I could find was that Chrome is the only browser that doesn’t follow the specification and allows caching from different origin, but only if served over SSL. However, at the same time they want to deprecate and disable “powerful features” on insecure origins. So it doesn’t look like limitation of technology, but implementation of Chrome.
As for the second issue, the problem exists but only if you mess up your setup: either by referencing manifest file itself in it, or by setting wrong expires headers on the manifest file.
Am I not seeing something or misunderstanding you?