Gatsby: Add use-credentials option to gatsby-plugin-manifest to allow cookies to be sent by Chrome

Created on 18 Feb 2019  路  4Comments  路  Source: gatsbyjs/gatsby

Summary

We're about to launch a pilot of our college's new Gatsby-generated front page. The first deployment will be controlled by an opt-in cookie that we are sharing with several on-campus volunteers. We discovered that the gatsby-plugin-manifest plugin is generating our tag to the manifest file properly, but the request from Chrome for the manifest file is sent without cookies or authentication headers by default. This means the request 404s even with our preview cookie set.

We learned about this Chrome restriction from this GitHub comment:
https://github.com/w3c/manifest/issues/535#issuecomment-265338307

Basic example

We envision a configuration flag like this:

    {
      resolve: `gatsby-plugin-manifest`,
      options: {
        /* Existing options */
        use_credentials: true
      },
    },

That would result in a link tag like this:

<link rel="manifest" href="/manifest.webmanifest" crossOrigin="use-credentials" />

Motivation

We'd like a visitor's cookies to be sent with the manifest file request by all browsers, including Chrome. We aren't using authentication, but if a PWA did rely on authentication, we imagine this would be a helpful feature, too.

Admittedly, we don't think many people would need this, and we'd probably remove it after we launch the site officially, so the default behavior should continue to be to exclude the crossOrigin/use-credentials attribute.

All this being said, it is possible for us to manually direct the request to the correct backend node in our load balancer. We understand if this issue is ultimately closed without implementation, but hopefully future Gatsby developers will see this issue and understand what's happening with Chrome. :)

good first issue help wanted
Source
picture kishba

Most helpful comment

what do you think by making it even more open so if somehow the spec changes we don't have to add anything.

{
      resolve: `gatsby-plugin-manifest`,
      options: {
        /* Existing options */
        // default crossOrigin: `anonymous`
        crossOrigin: `use-credentials`
      },
    },

it would be awesome if you could create a PR for it! :rocket:
The code is here:
https://github.com/gatsbyjs/gatsby/blob/master/packages/gatsby-plugin-manifest/src/gatsby-ssr.js#L35-L38

picture wardpeet on 19 Feb 2019
👍2

All 4 comments

what do you think by making it even more open so if somehow the spec changes we don't have to add anything.

{
      resolve: `gatsby-plugin-manifest`,
      options: {
        /* Existing options */
        // default crossOrigin: `anonymous`
        crossOrigin: `use-credentials`
      },
    },

it would be awesome if you could create a PR for it! :rocket:
The code is here:
https://github.com/gatsbyjs/gatsby/blob/master/packages/gatsby-plugin-manifest/src/gatsby-ssr.js#L35-L38

wardpeet picture wardpeet on 19 Feb 2019
👍2

Can I take this one?

yogeshkotadiya picture yogeshkotadiya on 19 Feb 2019

@wardpeet I like the idea of being able to specify the value instead!

I don't know if I can tackle this, so feel free @yogeshkotadiya ! :)

kishba picture kishba on 19 Feb 2019

This was added by @yogeshkotadiya and published in [email protected] 馃帀

sidharthachatterjee picture sidharthachatterjee on 22 Feb 2019
🎉1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

hobochild picture hobochild  路  3Comments
mikestopcontinues picture mikestopcontinues  路  3Comments
kalinchernev picture kalinchernev  路  3Comments
brandonmp picture brandonmp  路  3Comments
dustinhorton picture dustinhorton  路  3Comments