Why my manifest.json loading require new ssl handshake?
When I test my site on GTMetrix, loading manifest.json require new ssl handshake. The site already in HTTPS, the manifest also in HTTPS. This is weird. I tried on Chrome but the result is the same. Testing other site, like smashingmagazine, manifest.json loaded normally. How to fix this?
Here's the screenshot
Add the crossorigin = "use-credentials" attribute to your link element. For example:
<link rel="manifest" href="https://your-site.com/manifest.json" crossorigin = "use-credentials">
Although no impact is expected on the perceived speed of the website, it is always nice to reduce the SSL handshakes to one-half.
Reason: It has to do with the following cross-origin requirement that is noted in MDN website (https://developer.mozilla.org/en-US/docs/Web/Manifest):
Note: If the manifest requires credentials to fetch - the crossorigin attribute must be set to "use-credentials", even if the manifest file is in the same origin as the current page.