I am trying to enable PWA on a web site that requires authentication (login tokens managed via Cookies)..
I am trying this out locally (http://localhost:4502) and login (and am issued the login cookie) for the web site.
The problem is when the Web App manifest is requested, no Cookies are sent on the request, so the request is not authenticated.
<link rel="manifest" href="/content/site-x/manifest.json">
As you can see the manifest is served off the the same host/scheme as the web page that includes it.
Do the requests for the the manifest have cookies passed along? I even set my login cookie to be as lax as possible, but nothing. The cookies are sent on all the other requests (JS, CSS, etc.) -- Is there something special about localhost perhaps? Or that its not http?
According to the https://developers.google.com/web/fundamentals/web-app-manifest/
The request for the manifest is made without any credentials (even if it's on the same domain), thus if the manifest requires credentials, you must include crossorigin="use-credentials" in the manifest tag.
So adding <link rel="manifest" href="/manifest.json" crossorigin="use-credentials"> for both cross domain as adding server cookies in the request for the manifest