Forum Discussion

krisdames's avatar
krisdames
Icon for Cirrus rankCirrus
Jan 05, 2024

Change cookie domain in HTTP::respond

My need is to redirect requests for https://foo.xxx.com/mfe to a new URL (different domain) and pass along a specific cookie (cookie name is avul_user). The redirect works and the cookie is sent, but...
  • Egranty's avatar
    Jan 06, 2024

    When redirecting (and on cross-domain requests such as fetch()/XMLHttpRequest()) to third-party domains, the browser does not send cookies. Cookies are scoped to a specific domain (and possibly subdomains thereof), because it's a part of internet security, based on Cross-Origin Resourse Sharing (CORS).

    Possible solutions for you case, their advantages/disadvantages and how to do it safely, are given on stackoverflow.