I got a PWA that in general works very well. The client wants some sort of password protection, so I just added a matching .htaccess and .htpasswd, and to the manifest link tag the crossorigin=“use-credentials”’ attribute. And it works on my Macbook on Chrome (I got the little install button for PWAs and can use it to install and then launch the app) as well as on Chrome on my Android Phone.
However on my iPad it doesn’t work as soon as I add the password protection. The Safari browser can’t access the manifest file, giving me a 401 error. As soon as I remove the password protection it works. It’s as if the safari browser just ignores the crossorigin attribute.
Does anyone have any idea why Safari does that or how I could get it to work? Thank you