1

Chrome and Firefox for Android don't seem to include cookies in the request to the manifest start_url when opening a Progressive Web App. My authentication system redirects the user to the login page. But as soon as the login page is refreshed, the user is redirected away from the login page because really they are already logged in.

Setting start_url to a different page that issues a 302 redirect back to the original page does not work either. However, a redirect using meta-refresh does successfully pass cookies to the page.

Can someone explain this behaviour?

Derkades
  • 121
  • 1
  • 6

1 Answers1

0

That's because the request doesn't supposed to include credentials. Use the following code on your header:

<link rel="manifest" href="/manifest.json" crossorigin="use-credentials">
devio
  • 145
  • 4
  • I thought setting `crossorigin=use-credentials` only affects the GET /manifest.json request, not the request to start_url? – Derkades Aug 24 '23 at 16:12