DEV Community

一鸟

Make the browser keep a cross-site cookie

Preconditions:

  1. The request must be sent with credentials:
    • with fetch, set credentials: 'include'
    • with XHR (XMLHttpRequest), set withCredentials: true
  2. If the request is cross-origin, such as requesting api.xxx.dev from site.xxx.dev, the response headers must pass the browser's CORS check.

Then the response should carry a Set-Cookie header like this:

set-cookie: Authorization=xxx; Path=/; Domain=.xxx.dev; Max-Age=<time>; Expires=<time stamp>; Secure; HttpOnly; SameSite=None
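
A header audit for the preconditions above, as an added example that is not part of the original post: it checks that a response passes the CORS check for a request sent with credentials and that the cookie carries the attributes shown in the header. The function names, problem codes and sample responses are assumptions constructed for illustration.

```javascript
// Audit one response against the preconditions listed in the post.
// Header names are expected in lower case, as Node.js reports them.
function parseSetCookie(line) {
  const [pair, ...attrs] = line.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs: {} };
  for (const a of attrs) {
    if (!a) continue;
    const i = a.indexOf('=');
    const key = (i === -1 ? a : a.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i === -1 ? true : a.slice(i + 1);
  }
  return cookie;
}

function auditCrossSiteCookie(requestOrigin, headers) {
  const problems = [];
  const acao = headers['access-control-allow-origin'];
  // With credentials the wildcard is not accepted: the origin must match exactly.
  if (acao !== requestOrigin) problems.push(acao === '*' ? 'acao-wildcard' : 'acao-mismatch');
  // The browser compares this value case-sensitively against "true".
  if (headers['access-control-allow-credentials'] !== 'true') problems.push('acac-missing');
  const raw = headers['set-cookie'];
  if (!raw) return [...problems, 'no-set-cookie'];
  // Only the first Set-Cookie line is audited here.
  const c = parseSetCookie(Array.isArray(raw) ? raw[0] : raw);
  const sameSite = String(c.attrs.samesite || '').toLowerCase();
  // The post's header sets SameSite=None for the cross-site case.
  if (sameSite !== 'none') problems.push('samesite-not-none');
  // Browsers reject SameSite=None cookies that lack Secure.
  if (sameSite === 'none' && !c.attrs.secure) problems.push('none-without-secure');
  // HttpOnly keeps the token out of reach of page scripts (document.cookie).
  if (!c.attrs.httponly) problems.push('missing-httponly');
  return problems;
}

// Constructed sample responses (hosts follow the post's xxx.dev placeholder).
const good = {
  'access-control-allow-origin': 'https://site.xxx.dev',
  'access-control-allow-credentials': 'true',
  'set-cookie': 'Authorization=xxx; Path=/; Domain=.xxx.dev; Max-Age=3600; Secure; HttpOnly; SameSite=None',
};
const bad = {
  'access-control-allow-origin': '*',
  'set-cookie': 'Authorization=xxx; Path=/; SameSite=None',
};
console.log(auditCrossSiteCookie('https://site.xxx.dev', good));
console.log(auditCrossSiteCookie('https://site.xxx.dev', bad));
```

An empty array means the response meets every precondition; each code in a non-empty result names one header to fix on the server.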