You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Service Worker: Credentials are not sent during registration
Author: Yannick S.
Created: May 3, 2018
When registering a service worker with navigator.serviceWorker.register('service-worker.js') in an authenticated scenario, the request to fetch the service worker omits the Authorization header with the credentials, resulting in a 401 error. (Other browsers send credentials when fetching service workers.) The promise returned by register is rejected with TypeError: invalid argument.
I don't see the Authorization header in the request when navigator fetches service-worker.js in current browser implementations.
There should be an option to use credentials like in <links>: <link crossorigin="use-credentials">
The text was updated successfully, but these errors were encountered:
It is same origin but for my case there's a load balancer with auth that looks for credential cookie.
Previously my fetch to manifest <link rel="manifest" href="manifest.json" /> doesn't have this credential cookie either (and I think there was a pre-flight OPTIONS?).
Since there's no credential cookie my LB responds with text/html error page and the fetch fails (Chrome also does CORB for text/html mime). To get around it I specified crossorigin="use-credentials" and I can see in the network tab that <link rel="manifest" crossorigin="use-credentials" href="manifest.json" /> now includes the cookie and the call can go through.
Now I'm hitting the same roadblock with navigator.serviceWorker.register("/service_worker.js"); and the request just stays at Pending. I believe this is also the same issue with edge in this link https://developer.microsoft.com/en-us/microsoft-edge/platform/issues/17360912/, except theirs look for Authorization header.
BTW a day later I'm now seeing Chrome not showing the service_worker.js call in the network tab but see a failed install in the Application tab and Service worker does not have the 'fetch' handler warning. Chrome Canary still shows the service_worker.js request.
After playing around with my server config I think it does pass credentials. On the server side I also had to make sure it returns the right mime type to avoid CORB. Thank you @jakearchibald.
There doesn't seem to be a way to pass credentials when calling register() in the standard: https://www.w3.org/TR/service-workers-1/#dom-serviceworker-scripturl
As per this doc:
https://developer.microsoft.com/en-us/microsoft-edge/platform/issues/17360912/
I don't see the Authorization header in the request when navigator fetches
service-worker.js
in current browser implementations.There should be an option to use credentials like in
<links>
:<link crossorigin="use-credentials">
The text was updated successfully, but these errors were encountered: