search

RealFaviconGenerator / realfavicongenerator

Generate favicon for all major platforms
508 stars 23 forks source link

Add crossorigin="use-credentials" #474

Closed UweKeim closed 2 years ago

UweKeim commented 2 years ago

According to this blog entry, the generated webmanifest link that currently looks like this:

<link rel="manifest" href="/site.webmanifest">

Should look like this:

<link rel="manifest" href="/site.webmanifest" crossorigin="use-credentials">

I.e. the crossorigin="use-credentials" attribute should be added.

I'm doing this successfully since quite a long time and it seems to work just pretty good.

My suggestion

Please also include the crossorigin="use-credentials" attribute when generating the HTML fragment to insert into my HTML page.

tigt commented 2 years ago

I think this only happens if the manifest URL needs cookies/HTTP basic auth/etc. to be successfully fetched, right? At least, that’s what MDN suggests:

The use-credentials value must be used when fetching a manifest that requires credentials, even if the file is from the same origin.

More background at https://github.com/w3c/manifest/issues/535

UweKeim commented 2 years ago

Not sure. In my case I did not need cookies and still the attribute was necessary. Adding it ever since with no negative effects.