flask progressive-web-apps firefox-android google-chrome-android

Request to PWA start_url does not include cookies

Chrome and Firefox for Android don't seem to include cookies in the request to the manifest start_url when opening a Progressive Web App. My authentication system redirects the user to the login page. But as soon as the login page is refreshed, the user is redirected away from the login page because really they are already logged in.

Setting start_url to a different page that issues a 302 redirect back to the original page does not work either. However, a redirect using meta-refresh does successfully pass cookies to the page.

Can someone explain this behaviour?

Solution

Set SameSite cookie policy to lax

With SameSite=Strict the cookie will not be sent if you are visiting a link from a different web page, which is what happens when you open the PWA for the first time, and that's where SameSite=Lax comes in by allowing the cookie to be sent with these top-level navigations

Flask-SQLAlchemy tables are defined in the schema but not getting created
Run a package to control a program inside flask
Google GenerativeAI unable to load video files
Why does React to Flask call fail with CORS despite flask_cors being included
How to make a simple POST function with flask?
WTF form.validate_on_submit() not working
autoreload python without master in uwsgi + flask
Time discrepancy between local and PythonAnywhere environments (5-hour difference in datetime calculation)
How do I include a HTML file in a Jinja2 template?
Whats the best approach to execute a bash script inside a Docker Container?
What is needed to allow axios http requests from my front-end container to my back-end container on my azure containerized web app?
Flask WTForm: custom validation based on multiple form fields
Flask Blueprint with socketio configuration
How to Configure AWS SES with Flask-Security-Too for Email Sending? (ValueError: No email extension configured)
jinja2.exceptions.TemplateSyntaxError: expected token 'end of print statement', got 'posted'
How to allow multiple accounts on the same browser in flask?
Permission Denied on Socket File - NGINX + Gunicorn + Flask
Is Autoescape default in jinja2 (Flask)?
flask-jwt-extended: Fake Authorization Header during testing (pytest)
What is the convention in Flask-RESTful for error handling
BadRequestKeyError: 400 Bad Request: The browser (or proxy) sent a request that this server could not understand. KeyError: 'search'
Flask not auto-reloading when running under WSL2 and I do not have 'watchdog' installed
Alembic migration for GeoAlchemy2 raises NameError: name 'geoalchemy2' is not defined
ModuleNotFoundError: No module named 'numpy' error in Flask app even if numpy present.
How to Display Image in Flask after a button is pressed
What are Flask Blueprints, exactly?
Why is raw data not accepting the format in POSTMAN?
How to write custom javascript in superset which is installed in docker?
Scoping with variables in Flask when calling ShopifyAPI
The instance profile associated with the environment does not exist