diff --git a/index.bs b/index.bs
index 8163403..0a3d0a6 100644
--- a/index.bs
+++ b/index.bs
@@ -353,11 +353,6 @@ to incoming responses. To do so, Fetch is patched as follows:
2. The [$cross-origin resource policy check$] is rewritten to take the [=/embedder policy=] into
account, and to cover some [=navigation requests=] in addition to `no-cors` requests.
-3. ISSUE: The [$cross-origin resource policy check$] needs to be performed _after_ the relevant
- service worker has the opportunity to respond to a request, as it may otherwise be allowed to
- respond to a `require-corp` [=request/client=] with an opaque response which doesn't assert
- CORP.
-
### Cross-Origin Resource Policy Checks ### {#corp-check}
To perform a cross-origin resource policy check given a [=request=]
@@ -422,6 +417,20 @@ To perform a cross-origin resource policy check given a [
extensions, and I think it'll be more difficult to ship them after inverting the
error-handling behavior.
+Integration with Service Worker {#integration-sw}
+-------------------------------------------------
+
+In https://w3c.github.io/ServiceWorker/#dom-fetchevent-respondwith, replace 10.1 with the following
+item.
+
+1. If |response| is not a `Response` object, or the result of performing a
+[$cross-origin resource policy check$] with _event_'s request's associated request and _response_'s
+associated response is `blocked`, then set the respond-with-error flag.
+
+Also add the following note.
+
+The [$cross-origin resource policy check$] performed here ensures that a Service Worker
+cannot respond to a client that requires CORP with an opaque response that doesn't assert CORP.
Implementation Considerations {#impl-considerations}
====================================================