Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

manifest.json and google chrome #19

Closed
GuillaumeCisco opened this issue Nov 8, 2018 · 5 comments
Closed

manifest.json and google chrome #19

GuillaumeCisco opened this issue Nov 8, 2018 · 5 comments

Comments

@GuillaumeCisco
Copy link

Hello there,

I use a basic auth on my server side rendering project with this repo.
Interestingly, After authenticating on /, I can see in the network devtools panel the /manifest.json route serves a 401. Indeed the basic auth is not passed for this route. This is the one and only route which has the problem.
In firefox, the route is not even fetched.

Manifest.json is for making single page application as desktop/mobile web app using service worker.
Looks like chrome does not want to pass the Authorization request header for this route as explained here:
web-push-libs/pywebpush#42
and https://developers.google.com/web/ilt/pwa/introduction-to-push-notifications

Does someone know if there is a way to work with basic auth and manifest.json?
Maybe using koa-cors?
Like proposed here: https://groups.google.com/a/chromium.org/forum/#!topic/chromium-discuss/ZLXwilWYwZs

Thank you,
@GuillaumeCisco
Copy link
Author

Ok just found how to do it.

I simply replaced my call:
<link rel="manifest" href="manifest.json">
by
<link rel="manifest" href="manifest.json" crossorigin="use-credentials">

@nickatnight
Copy link

Thank you for this

@mdelbrocco-od
Copy link

Thank the gods for GuillaumeCisco!

@GuillaumeCisco
Copy link
Author

Thanks a lot!
Glad it helped others ;)

Little advertising: I'm free for hiring ;)

@andrewplummer andrewplummer mentioned this issue Jul 3, 2020
Closed
@yuki-93 yuki-93 mentioned this issue Jul 23, 2020
Closed
@jenkin jenkin mentioned this issue Oct 1, 2020
Closed
@justinbeaty justinbeaty mentioned this issue Dec 5, 2020
Merged
15 tasks
@westonruter westonruter mentioned this issue Dec 19, 2020
Open
@ethagnawl
Copy link

This qualifier from the MDN documentation is worth emphasizing:

If the manifest requires credentials to fetch, the crossorigin attribute must be set to use-credentials, even if the manifest file is in the same origin as the current page.

For people using this "solution" in their applications, a comment referencing the above may be warranted in order to prevent confusion on the part of reviewers, maintainers, etc.

flechaig added a commit to flechaig/gotty that referenced this issue Mar 25, 2022
@flechaig
Avoid HTTP 401 error on manifest.json due to CORS
817b5c8 
Because of CORS, the manifest.json request returns an HTTP 401 error.
Explaination: koajs/basic-auth#19
@flechaig flechaig mentioned this issue Mar 25, 2022
Merged
@lexbritvin lexbritvin mentioned this issue Feb 21, 2023
Closed
@moppman moppman mentioned this issue Aug 10, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@ethagnawl @GuillaumeCisco @nickatnight @mdelbrocco-od