Skip to content

fetched icons fail in chrome when same-origin policy is present #1065

Open
@elandorr

Description

@elandorr

I read #535, but that is only about the manifest itself.

With a same-origin CORP chrome devtools complains 'icon n failed to load'.

Their logger says:

t=1199 [st= 1]       +HTTP_TRANSACTION_SEND_REQUEST  [dt=0]
t=1199 [st= 1]          HTTP_TRANSACTION_HTTP2_SEND_REQUEST_HEADERS
                        --> :method: GET
                            :authority: foo.bar
                            :scheme: https
                            :path: /icons/512x512.png
                            ...
                            sec-fetch-site: cross-site
                            sec-fetch-mode: no-cors
                            sec-fetch-dest: image

even though a crossorigin attribute on the link to the manifest is given.

It should say sec-fetch-site: same-origin. If I turn off same-origin altogether, it works as expected.

Is this a bug in chrome, or am I missing something from the spec?

Firefox does not have this issue, their devtools show the images just fine. On Android a Chrome based fork I tried with also allows 'adding to homescreen' and shows an image. It's unclear whether that's just an upscaled favicon, though.

Cheers

Metadata

Metadata

Assignees

No one assigned

    Labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions