App Manifest is not fetched

Browsers fetch the app manifest file without any cookies. This means, when using required authentication mode, that your manifest file will not be reachable, even when the user is authenticated.

To mitigate this issue, add crossorigin="use-credentials" to the reference the manifest (called manifest.json in our example) in your HTML like this:

<link rel="manifest" href="manifest.json" crossorigin="use-credentials" />

This way, the browser will add cookies to the request fetching the manifest, and authenticated users will get the manifest.

More information on the Application Manifest, especially this section.

This is no issue when using the optional authentication mode.