koajs / basic-auth

blanket basic auth middleware

manifest.json and google chrome

GuillaumeCisco opened this issue

Hello there,

I use a basic auth on my server side rendering project with this repo.
Interestingly, after authenticating on /, I can see in the network devtools panel that the /manifest.json route serves a 401. Indeed, the basic auth is not passed for this route. This is the one and only route which has the problem.
In Firefox, the route is not even fetched.

Manifest.json is for making a single-page application work as a desktop/mobile web app using a service worker.
Looks like Chrome does not want to pass the Authorization request header for this route, as explained here:
web-push-libs/pywebpush#42
and https://developers.google.com/web/ilt/pwa/introduction-to-push-notifications

Does someone know if there is a way to work with basic auth and manifest.json?
Maybe using koa-cors?
Like proposed here: https://groups.google.com/a/chromium.org/forum/#!topic/chromium-discuss/ZLXwilWYwZs

Thank you,

Ok just found how to do it.

I simply replaced my call:
<link rel="manifest" href="manifest.json">
by
<link rel="manifest" href="manifest.json" crossorigin="use-credentials">

Thank you for this

Thank the gods for GuillaumeCisco!

Thanks a lot!
Glad it helped others ;)

Little advertising: I'm free for hiring ;)

This qualifier from the MDN documentation is worth emphasizing:

If the manifest requires credentials to fetch, the crossorigin attribute must be set to use-credentials, even if the manifest file is in the same origin as the current page.

For people using this "solution" in their applications, a comment referencing the above may be warranted in order to prevent confusion on the part of reviewers, maintainers, etc.
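
A check for the fix discussed in this thread, as an added example that is not part of the thread or of the koa-basic-auth project: it scans a page's HTML for manifest links that lack `crossorigin="use-credentials"` and would therefore get a 401 behind basic auth. The function names and the sample markup are constructed for illustration.

```javascript
// Added example, not from the thread. Flags <link rel="manifest"> tags whose
// crossorigin attribute is not "use-credentials"; per the MDN note quoted in
// the thread, only that value gets credentials sent with the manifest fetch.

// Parse one <link ...> tag into a lower-cased attribute name -> value map.
function parseAttributes(tag) {
  const attrs = {};
  const body = tag.replace(/^<\s*link\b/i, "").replace(/\/?>$/, "");
  const re = /([^\s"'<>\/=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  let m;
  while ((m = re.exec(body)) !== null) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? "";
  }
  return attrs;
}

// Return one finding per manifest link that would be fetched without
// credentials. Regex scanning is a simplification: a ">" inside an attribute
// value would end the tag early.
function findUncredentialedManifestLinks(html) {
  const findings = [];
  const withoutComments = html.replace(/<!--[\s\S]*?-->/g, "");
  for (const [tag] of withoutComments.matchAll(/<\s*link\b[^>]*>/gi)) {
    const attrs = parseAttributes(tag);
    const rels = (attrs.rel || "").toLowerCase().split(/\s+/);
    if (!rels.includes("manifest")) continue;
    // null = attribute absent, "" = bare attribute; both are flagged.
    const crossorigin = "crossorigin" in attrs ? attrs.crossorigin.toLowerCase() : null;
    if (crossorigin !== "use-credentials") {
      findings.push({ href: attrs.href || "", crossorigin });
    }
  }
  return findings;
}

// Constructed sample page: the first manifest link is the form from the
// issue, the second is the corrected form.
const SAMPLE_PAGE = `
<head>
  <link rel="stylesheet" href="app.css">
  <link rel="manifest" href="manifest.json">
  <link rel="manifest" href="manifest.json" crossorigin="use-credentials">
</head>`;

console.log(findUncredentialedManifestLinks(SAMPLE_PAGE));
```

Run against rendered templates in CI, a non-empty result points reviewers at the exact tag that needs the attribute.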