stencil icon indicating copy to clipboard operation
stencil copied to clipboard

Published 20 hours ago verified publisher icon ionic-team

Web App Manifest blocked by CORS when hosted behind authentication

Open WillsB3 opened this issue 5 years ago • 11 comments

Stencil version:

@stencil/[email protected]

I'm submitting a: [x] bug report [ ] feature request [ ] support request

Current behavior: Currently, when deploying a Stencil site / app to a host behind authentication, the manifest file fails to load with the following error:

Access to manifest at 'https://path.to/my-site/manifest.json' from origin 'https://path.to' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Expected behavior: The manifest should be loaded with crossorigin="use-credentials" so that the browser sends the auth credentials when requesting the manifest. See MDN for details.

Steps to reproduce:

  1. Deploy the starter app to a location that is behind authentication.
  2. Open DevTools and observe that the manifest does not load due to a CORS error.

Other information: I'm not sure where the template for the generated index.html file lives, but I believe this fix should be as simple as changing:

<link rel="manifest" href="./manifest.json">

to

<link rel="manifest" href="./manifest.json" crossorigin="use-credentials">

WillsB3 avatar Aug 10 '19 13:08 WillsB3

Hey man, this helped me solve the same issue for an S3/CloudFront website - thanks for making it google-able!

patrickfoley avatar Apr 11 '21 14:04 patrickfoley

How Can i solve this problem? adding crossorigin is not solving this.

iamhammadaali avatar Apr 14 '21 15:04 iamhammadaali

<link rel="manifest" href="./manifest.json" crossorigin="use-credentials">

this worked for me too.

pranaynailwal avatar Apr 29 '21 12:04 pranaynailwal

it doesn't work

marcchew avatar Aug 28 '21 15:08 marcchew

Adding crossorigin may be the initial solution we come to, however there may be more circumstances where this cannot work. We will need more information - can you please create a reproduction repo and link here? If you can also speak to any nginx/Apache/Aws rules you set, that would help as well.

splitinfinities avatar Nov 14 '21 01:11 splitinfinities

Adding <link rel="manifest" href="%PUBLIC_URL%/manifest.json" crossorigin="use-credentials"> did not solve the problem, are there any other suggestions for this ?

jayaamamidala avatar Mar 30 '22 18:03 jayaamamidala

I had same issue and was tearing my hair out. crossorigin="use-credentials" worked for us! Thanks!

tmchow avatar Jun 26 '22 01:06 tmchow

replace this with <link rel="manifest" href="./manifest.json" /> will solve the issue

kushankurdas avatar Feb 25 '23 18:02 kushankurdas

this worked for me too.

ManiMatter avatar Apr 02 '23 21:04 ManiMatter

hey, the issue is happen not only because of the crossorigin, may be you run the web app through the path. so instead of that run it with a live server issues will be resolve.

abhijith1741 avatar May 16 '23 13:05 abhijith1741

My app is hosted on Azure, and the container only allows authenticated traffic. So, the PWA runs except the images do not render until the page is hard refreshed. So, in this scenario, it routes the user to the login page (Microsoft) and then, once back to the PWA landing page, puff we have the images rendered. It is not a desired behaviour for sure. By checking the console on the browser, I can see that the access to font, manifest and internal resource are blocked by CORS policy (No access-Control-Allow-Origin header), even if I inclued the crossorigin="use-cedentials" on my index.html. No idea how do solve this, any clue please?

joaoefmota avatar Feb 15 '24 08:02 joaoefmota