ComputerGhost
commented
2 years ago Actually, this is a bad idea. I did not implement a whitelist.
Instead, I implemented a workaround the Chromium bug wherein it does not send cookies for the manifest file.
Endpoints such as manifest.json are giving errors in the browser console log. Ignore the fact that the client is authenticated when this file is requested. I'm more concerned about why this file isn't behind a whitelist like the favicon is. We need to be able to whitelist certain files.