HTML5 Manifest Cache behind Basic Auth?

Some other people were complaining about the same problem on iOS 3.x and said moving the manifest file outside of the auth directory seemed to fix things: http://lists.apple.com/archives/safari-iphone-web-dev/2010/Sep/msg00000.html

I was able to work around the problem with an .htaccess file in the folder in question that looked like this:

AddType text/cache-manifest .manifest
<FilesMatch "your.manifest">
    Order Allow,Deny
    Allow from all
</FilesMatch>

I had this same problem. The authentication broke or disabled the JS on the page which initiated the cache manifest when we launched the app in full screen mode from the home screen.

As a work around, from mobile safari we save a page to the home screen which is a duplicated version of the page that we want our cache manifest to run from. Then once you launch the page from the home screen we forward the duplicated page to the real page that we are running cache manifest from.

This prompts the login but does not break the JS running the cache manifest since it is technically prompted on our 'fake page' though the user is then immediately forwarded to the correct page where their cache download then successfully begins.

This seems like a bug in mobile Safari's full screen mode. Hopefully such things will be fixed in a future release. Hope this helps.


UPDATE: the above fix did not end up working for us since the fake intro page is not included in the manifest, so it doesn't load once offline. a bummer. we ended up just initiating the caching from mobile safari, so that any updates made need to be made through the browser and not in full screen mode.


This is actually caused by CORS because the browser treats the request as cross-origin.

A good solution is to add crossorigin='use-credentials' onto your manifest definition, like so:

<link rel="manifest" crossorigin="use-credentials" href="/manifest.json">

This will then pass your credentials over to the manifest request.

More info on this setting:: https://developer.mozilla.org/en-US/docs/Web/HTML/CORS_settings_attributes