to save access_token in frontend's cookie.
It has the httpOnly; Secure; SameSite=None; attributes. It worked for localhost to API, localhost to localhost (different port), etc.
My URLs are like https://api.asd.com and https://portal.asd.com.
It's not working in Safari. Reading through Stack Overflow, Safari doesn't like SameSite=None, so I changed it to SameSite=Lax. It works on every browser except localhost to server. What's happening and what should I do?
My header is like this now:
Set-Cookie: Authorization=magic; httpOnly; SameSite=Lax; MaxAge=3600; Secure; Domain=.asd.com; (works on all browsers except localhost (FE) to https://api.asd.com)
Need to be on same domain to set/send cookies
api.domain.co & portal.domain.co are domain.co, right?
localhost & portal are not, but SameSite=None & Secure:true works. Why?
What do you mean it works? If there's no restrictive CORS policy, the request will get sent. But I don't think the Set-Cookie response headers work.
They worked & set the cookie on both localhost-domain & domain-subdomain, which I don't understand. Only Safari blocked it, which needed privacy sharing in settings to be turned off.