Apparently when you declare icons in a PWA manifest, they get fetched without cookies. This is true even if the manifest itself is fetched with crossorigin="use-credentials" (which sends cookies).
Result is for a Dropserver app to be a PWA, it is forced to have some public routes, just to serve these icons.
See screenshot of Leftovers app routes (this is from ds-dev interface). That yellow "public" is so frustrating 😞
This stinks. I really want people to have personal web apps with zero public routes.
I hope this can be fixed in standards?
Otherwise I'll have to get crafty and work around it, maybe by declaring a special handler for manifests that rewrites icon urls to some unguessable link that would be served by Dropserver.
add this to the pile of problems that didn't exist before people decided to start trying to use web browsers for every single thing
@lunch 🤷♂️ PWAs and interactive websites are the only tool we have against app stores run by mega corps on mobile devices. I'd rather make a PWA than be subjected to the terms and moods of app stores.
That's for mobile. I'm afraid that in the future Macs will be locked down similarly, and then Windows won't be far behind.
And before you say "everyone should be on Linux" Please, don't. I've waited too many decades already.
So yeah I'm going to keep making "shitty webapps". Sorry not sorry.
@teleclimber until they start doing the same thing to the web since chrome controls 70% of the market with safari taking most of the rest
the web is not really open anymore in the way it was 10 years ago, stop enabling our corporate oppressors to continue doing what they're doing by working in the margins of what they haven't asserted their influence as strongly yet
The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!