Cookies not sent with request for Web App manifest.json

According to the https://developers.google.com/web/fundamentals/web-app-manifest/

The request for the manifest is made without any credentials (even if it's on the same domain), thus if the manifest requires credentials, you must include crossorigin="use-credentials" in the manifest tag.

So adding <link rel="manifest" href="/manifest.json" crossorigin="use-credentials"> for both cross domain as adding server cookies in the request for the manifest


There seems to be an old a bug in chromium, should have been fixed through all these years. Perhaps you can try using ajax/fetch the "/content/site-x/manifest.json" with requestHeader "Content-type: application/json" and then create a Blob from it and subsequently call createObjectURL(Blob) and give this url to href?

And then also, there is this:

<link rel="manifest" href="/manifest.json" crossorigin="use-credentials">

which I guess in your case would not help since you are on the same origin.