问题
Client hosted on subdomain.example.com makes api call to example.com to fetch a cookie. The response has a Set-cookie header and I see the cookie as being returned alright:
However, I don't see the cookie saved in the Browser (Chrome, Firefox, Edge) and, as a result, is not sent as a header in subsquent API requests:
Set-cookie domain attribute is set to .example.com, but as I read in MDN I think the trailing dot gets ignored.
The cookie in question, by the way, is the csrf token secret set by the csurf library.
What am I doing wrong? I have been troubleshooting for 3 evenings now, I don't have a clue yet. seems to be same question as [0] but that one is unanswered. Thanks!
[0] Set cookie from subdomain to root domain and all subdomains
回答1:
Clearly I didn't have a good enough understanding of cors - [0] put me on the right track. It was due to not doing doing the AJAX request with withCredentials client side and credentials: true because I am setting an origin since server in example.com in not the same as subdomain.example.com. Hope it is helpful
[0] https://stackoverflow.com/a/60142012/3630417
来源:https://stackoverflow.com/questions/63513651/cookie-set-on-root-domain-not-available-to-subdomain-what-am-i-doing-wrong