BUG: Add `crossorigin="use-credentials"` to fetch manifest

[bbtfr]

Bug Description

My setup consists of a server in a DMZ that handles authentication with OAuth, and sets a cookie. Once this cookie is found, requests are proxied to the server that runs prefect. Everything runs fine, except when chrome tries to fetch the manifest(<link rel="manifest" href="/site.webmanifest" />) it doesn't send the cookie, and thus gets an error.

The solution is to add the following attribute to the <link> tag:

<link rel="manifest" href="/site.webmanifest" crossorigin="use-credentials">

Documented here: https://developer.mozilla.org/en-US/docs/Web/HTML/Element/link

I replace it in nginx config and it worked fine.

sub_filter '<link rel="manifest" href="/site.webmanifest">' '<link rel="manifest" href="/site.webmanifest" crossorigin="use-credentials">';

Steps To Reproduce

1. Visit server in a DMZ

Browsers Tested:

• [x] Chrome
• [x] Firefox
• [x] Safari
• [ ] Edge
• [ ] IE

---

Notes

Thanks!

[znicholasbrown]

Hi @bbtfr - given that we don't use cookies out of the box and this is a specific workaround for your use case, I don't think this is something we'll pick up at this time as it has downstream implications for other auth environments. I'll leave this open with a wontfix label for others to discover if they want to use your workaround.