Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

manifest.json and google chrome #19

Closed
GuillaumeCisco opened this issue Nov 8, 2018 · 5 comments
Closed

manifest.json and google chrome #19

GuillaumeCisco opened this issue Nov 8, 2018 · 5 comments

Comments

@GuillaumeCisco
Copy link

Hello there,

I use a basic auth on my server side rendering project with this repo.
Interestingly, After authenticating on /, I can see in the network devtools panel the /manifest.json route serves a 401. Indeed the basic auth is not passed for this route. This is the one and only route which has the problem.
In firefox, the route is not even fetched.

Manifest.json is for making single page application as desktop/mobile web app using service worker.
Looks like chrome does not want to pass the Authorization request header for this route as explained here:
web-push-libs/pywebpush#42
and https://developers.google.com/web/ilt/pwa/introduction-to-push-notifications

Does someone know if there is a way to work with basic auth and manifest.json?
Maybe using koa-cors?
Like proposed here: https://groups.google.com/a/chromium.org/forum/#!topic/chromium-discuss/ZLXwilWYwZs

Thank you,

@GuillaumeCisco
Copy link
Author

Ok just found how to do it.

I simply replaced my call:
<link rel="manifest" href="manifest.json">
by
<link rel="manifest" href="manifest.json" crossorigin="use-credentials">

@nickatnight
Copy link

Thank you for this

@mdelbrocco-od
Copy link

Thank the gods for GuillaumeCisco!

@GuillaumeCisco
Copy link
Author

Thanks a lot!
Glad it helped others ;)

Little advertising: I'm free for hiring ;)

@ethagnawl
Copy link

This qualifier from the MDN documentation is worth emphasizing:

If the manifest requires credentials to fetch, the crossorigin attribute must be set to use-credentials, even if the manifest file is in the same origin as the current page.

For people using this "solution" in their applications, a comment referencing the above may be warranted in order to prevent confusion on the part of reviewers, maintainers, etc.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

4 participants