CORS issue when requesting static assets from server

I’m running into this CORS issue when the browser tries to load my site’s manifest.json.

image

It looks like Codespaces is doing some sort of redirect that changes the origin from f580404c-4d1e-44bf-9095-366e2f4fcffd-3000.apps.codespaces.githubusercontent.com to github.com and the appropriate headers are missing.

Is this a known issue?

1 Like

Hey umar-ahmed, thanks for reporting this!

Never saw this before but the issue is very interesting, looks like the auth fails for this particular asset and the browser tries to authenticate with that redirection, and of course, that will fail due to the response does not have the appropriate CORS headers.

Try adding crossorigin="use-credentials" to the manifest tag so the Codespaces Port Forwarding auth cookie will be included with the request (https://web.dev/add-manifest/).

Note that if the app makes some fetch requests, you will need to add credentials: 'include' to the request options for the same reasons.