tohuwabohu-io / librefit

OpenSource calorie tracker using kotlin, quarkus, postgresql, SvelteKit and OpenAPI 3
https://libre.fit/
GNU General Public License v3.0

PWA behavior #135

Closed tohuwabohu-io closed 2 weeks ago

tohuwabohu-io commented 1 month ago

Is your feature request related to a problem? Please describe.
After the last release, I observed the following:

Describe the solution you'd like
Investigate the issues above.

Additional context
The display issues should be controlled by the PWA manifest. For the session stuff, the service worker could be the culprit.

tohuwabohu-io commented 2 weeks ago

The session management works fine. It turns out that Firefox enabled the rejection of cookies which have same-site=none without the secure flag. For local development this makes sense, but I am irritated by the behaviour on prod. The secure flag should be set automatically in FormBasedAuthenticationMechanism when SSL is enabled.

To make it work, go to about:config and set network.cookie.sameSite.noneRequiresSecure to false.

During debugging, I noticed that the old auth cookie was being sent although a new one was generated after login. It was easy to miss the console logs in the browser due to the dashboard redirect.

Two options:

  1. Find out why the secure flag won't be set on a https connection
  2. Find out how to utilize the other same-site attribute values (lax and strict)

Either way, I prefer not to set browser config properties when testing locally.

tohuwabohu-io commented 2 weeks ago

I set the same-site attribute to strict now.

As far as the PWA goes, I set theme_color and background_color, and replaced the whitespace of the font names with hyphens.
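
The rule discussed in the comments above (a cookie with SameSite=None is rejected unless it also carries the Secure flag), as an added example that is not part of the original issue or the librefit code base: a JavaScript check over constructed Set-Cookie values that reports which ones such a browser would drop. The cookie name `auth`, the sample values and the function names are assumptions made for illustration.

```javascript
// Constructed sample Set-Cookie values (not captured from librefit).
const SAMPLE_HEADERS = [
  "auth=abc123; Path=/; HttpOnly; SameSite=None",         // the failing case
  "auth=abc123; Path=/; HttpOnly; SameSite=None; Secure", // option 1 in the thread
  "auth=abc123; Path=/; HttpOnly; SameSite=Strict",       // the fix that was chosen
  "auth=abc123; Path=/; HttpOnly",                        // no SameSite at all
];

// Split one Set-Cookie value into name, value and a lower-cased attribute map.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = {
    name: eq === -1 ? "" : pair.slice(0, eq),
    value: eq === -1 ? pair : pair.slice(eq + 1),
    attributes: {},
  };
  for (const attr of attrs) {
    if (!attr) continue; // tolerate a trailing ";"
    const i = attr.indexOf("=");
    const key = (i === -1 ? attr : attr.slice(0, i)).trim().toLowerCase();
    cookie.attributes[key] = i === -1 ? true : attr.slice(i + 1).trim();
  }
  return cookie;
}

// Apply the rule: SameSite=None is only accepted together with Secure.
function auditCookie(header) {
  const { name, attributes } = parseSetCookie(header);
  const raw = attributes["samesite"];
  const sameSite = typeof raw === "string" ? raw.toLowerCase() : "unset";
  const secure = "secure" in attributes;
  const rejected = sameSite === "none" && !secure;
  const findings = [];
  if (rejected) findings.push("SameSite=None without Secure: cookie is rejected");
  if (sameSite === "unset") findings.push("no SameSite attribute: browser default applies");
  if (!secure) findings.push("no Secure flag: cookie may be sent over plain HTTP");
  return { name, sameSite, secure, rejected, findings };
}

for (const header of SAMPLE_HEADERS) {
  console.log(JSON.stringify(auditCookie(header)));
}
```

Running the same check against the Set-Cookie headers of a login response shows whether the session cookie will be stored before the dashboard redirect clears the browser console.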