Cookies not sent with request for Web App manifest.json
According to the https://developers.google.com/web/fundamentals/web-app-manifest/
The request for the manifest is made without any credentials (even if it's on the same domain), thus if the manifest requires credentials, you must include crossorigin="use-credentials" in the manifest tag.
So adding <link rel="manifest" href="/manifest.json" crossorigin="use-credentials">
for both cross domain as adding server cookies in the request for the manifest
There seems to be an old a bug in chromium, should have been fixed through all these years. Perhaps you can try using ajax/fetch
the "/content/site-x/manifest.json" with requestHeader "Content-type: application/json"
and then create a Blob from it and subsequently call createObjectURL(Blob) and give this url to href?
And then also, there is this:
<link rel="manifest" href="/manifest.json" crossorigin="use-credentials">
which I guess in your case would not help since you are on the same origin.