Features/cross origin credentials (#172)

* Update bootstrap path and add manifest credential use

The bootstrap path in phpunit.xml.dist has been updated to 'tests/autoload.php'. A useCredentials option has been added to the PWA manifest allowing the manifest to be fetched with credentials, enhancing website security. Also, an autoload.php file has been added to facilitate testing.
In the two updated classes (ManifestCompileEventListener and PwaDevServerSubscriber), the constant 'useCredentials' has been added to the IGNORED_ATTRIBUTES option of the Symfony AbstractNormalizer, which prevents serialization of this specific attribute. This adjustment was made to improve the efficiency of our serialization process.

phpunit.xml.dist

@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <phpunit
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-        bootstrap="vendor/autoload.php"
+        bootstrap="tests/autoload.php"
         colors="true"
         xsi:noNamespaceSchemaLocation="vendor/phpunit/phpunit/phpunit.xsd"
         cacheDirectory=".phpunit.cache"

src/Dto/Manifest.php

@@ -11,6 +11,9 @@ final class Manifest
 {
     use TranslatableTrait;
 
+    #[SerializedName('use_credentials')]
+    public bool $useCredentials = true;
+
     #[SerializedName('background_color')]
     public null|string $backgroundColor = null;
 

src/Resources/config/definition/manifest.php

@@ -27,6 +27,10 @@
                         ->info('The public URL of the manifest file.')
                         ->example('/site.manifest')
                     ->end()
+                    ->booleanNode('use_credentials')
+                        ->defaultTrue()
+                        ->info('Indicates whether the manifest should be fetched with credentials.')
+                    ->end()
                     ->scalarNode('background_color')
                         ->info(
                             'The background color of the application. It  should match the background-color CSS property in the sites stylesheet for a smooth transition between launching the web application and loading the site\'s content.'

src/Subscriber/ManifestCompileEventListener.php

@@ -10,6 +10,7 @@
 use Symfony\Component\DependencyInjection\Attribute\Autowire;
 use Symfony\Component\EventDispatcher\Attribute\AsEventListener;
 use Symfony\Component\Serializer\Encoder\JsonEncode;
+use Symfony\Component\Serializer\Normalizer\AbstractNormalizer;
 use Symfony\Component\Serializer\Normalizer\AbstractObjectNormalizer;
 use Symfony\Component\Serializer\SerializerInterface;
 use const JSON_PRETTY_PRINT;
@@ -40,6 +41,7 @@ public function __construct(
         $options = [
             AbstractObjectNormalizer::SKIP_UNINITIALIZED_VALUES => true,
             AbstractObjectNormalizer::SKIP_NULL_VALUES => true,
+            AbstractNormalizer::IGNORED_ATTRIBUTES => ['useCredentials'],
             JsonEncode::OPTIONS => JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE | JSON_THROW_ON_ERROR,
         ];
         if ($debug === true) {

src/Subscriber/PwaDevServerSubscriber.php

@@ -16,6 +16,7 @@
 use Symfony\Component\HttpKernel\KernelEvents;
 use Symfony\Component\HttpKernel\Profiler\Profiler;
 use Symfony\Component\Serializer\Encoder\JsonEncode;
+use Symfony\Component\Serializer\Normalizer\AbstractNormalizer;
 use Symfony\Component\Serializer\Normalizer\AbstractObjectNormalizer;
 use Symfony\Component\Serializer\SerializerInterface;
 use function assert;
@@ -69,6 +70,7 @@ public function __construct(
         $options = [
             AbstractObjectNormalizer::SKIP_UNINITIALIZED_VALUES => true,
             AbstractObjectNormalizer::SKIP_NULL_VALUES => true,
+            AbstractNormalizer::IGNORED_ATTRIBUTES => ['useCredentials'],
             JsonEncode::OPTIONS => JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE | JSON_THROW_ON_ERROR,
         ];
         if ($debug === true) {

src/Twig/PwaRuntime.php

@@ -56,8 +56,12 @@ public function load(
     private function injectManifestFile(string $output): string
     {
         $url = $this->assetMapper->getPublicPath($this->manifestPublicUrl) ?? $this->manifestPublicUrl;
+        $useCredentials = '';
+        if ($this->manifest->useCredentials === true) {
+            $useCredentials = ' crossorigin="use-credentials"';
+        }
 
-        return $output . sprintf('%s<link rel="manifest" href="%s">', PHP_EOL, $url);
+        return $output . sprintf('%s<link rel="manifest"%s href="%s">', PHP_EOL, $useCredentials, $url);
     }
 
     private function injectThemeColor(string $output, bool $themeColor): string

tests/autoload.php

@@ -0,0 +1,9 @@
+<?php
+
+declare(strict_types=1);
+
+use Symfony\Component\ErrorHandler\ErrorHandler;
+
+require_once __DIR__ . '/../vendor/autoload.php';
+
+ErrorHandler::register(null, false);