I have found a solution for my project that seems related to the one mentioned in that full-stack article I read.
It turns out that you can add crossorigin="use-credentials" to the manifest’s link tag in index.html:
<link rel="manifest" href="manifest.json" crossorigin="use-credentials">