https://browserid.org/include.js fails in Chrome with html5 appcache manifest

How can I use browserid.org from an appcached webapp in Chrome? This code:

<html manifest="test.appcache"><head> 

<script src="https://browserid.org/include.js"></script> 
<script> 
function test() {
    if(navigator.id){
        alert('OK!');
    } else {
        alert('Oops!');
    }
}
</script> 
</head><body onload="test();">test</body></html> 

combined with test.appcache:

CACHE MANIFEST

and with .htaccess:

AddType text/cache-manifest .appcache

will alert 'OK' every time you refresh it in Firefox. In Chrome, it will alert 'OK' the first time you visit it, but 'Oops' every next time you refresh it (i.e., when served from the appcache).

Some facts about the file it's failing to include:

• it's cross-origin
• it's served over https
• it has a "Cache-Control: public, max-age=0" response header

Still, I don't understand exactly why this works in FF but fails in Chrome. I think this is related in some way to "HTTP cache headers and restrictions on caching pages served over TLS are overridden by manifests." on http://www.w3.org/TR/html5/offline.html and/or "Over SSL, all resources开发者_如何学Python in the manifest must respect the same-origin policy." on http://appcachefacts.info/ but I don't understand exactly how.

I tested with Chromium 12.0.742.112 on Ubuntu.

I guess one work-around would be to create a cacheable app without browserid support, and put the browserid login button in an iframe that's not in the caching manifest, with a FALLBACK: that displays a greyed-out browserid login button. but i was hoping maybe someone has a proper solution.

---

I experimented a bit, and this only affects web apps that are served over http. So to avoid it, simply serve your web app over https.

it is still a bug in Chrome i think, but at least this is a workaround for it, so marking question as answered.