manifest.json and google chrome
GuillaumeCisco opened this issue · comments
Hello there,
I use a basic auth on my server side rendering project with this repo.
Interestingly, After authenticating on /
, I can see in the network devtools panel the /manifest.json
route serves a 401. Indeed the basic auth is not passed for this route. This is the one and only route which has the problem.
In firefox, the route is not even fetched.
Manifest.json is for making single page application as desktop/mobile web app using service worker.
Looks like chrome does not want to pass the Authorization
request header for this route as explained here:
web-push-libs/pywebpush#42
and https://developers.google.com/web/ilt/pwa/introduction-to-push-notifications
Does someone know if there is a way to work with basic auth
and manifest.json
?
Maybe using koa-cors?
Like proposed here: https://groups.google.com/a/chromium.org/forum/#!topic/chromium-discuss/ZLXwilWYwZs
Thank you,
Ok just found how to do it.
I simply replaced my call:
<link rel="manifest" href="manifest.json">
by
<link rel="manifest" href="manifest.json" crossorigin="use-credentials">
Thank you for this
Thank the gods for GuillaumeCisco!
Thanks a lot!
Glad it helped others ;)
Little advertising: I'm free for hiring ;)
This qualifier from the MDN documentation is worth emphasizing:
If the manifest requires credentials to fetch, the crossorigin attribute must be set to use-credentials, even if the manifest file is in the same origin as the current page.
For people using this "solution" in their applications, a comment referencing the above may be warranted in order to prevent confusion on the part of reviewers, maintainers, etc.