no matter what I try the browser refuses to send the cookie with additional requests after successful login.
I use fetch(url, { credentials: "include"})
, I set the cors headers in the response like:
Access-Control-Allow-Credentials:trueAccess-Control-Allow-Headers:Content-Type, Authorization, Set-Cookie, Cookie, Origin, X-Dev-Token, Bearer, AcceptAccess-Control-Allow-Methods:GET, POST, PUT, DELETE, PATCH, OPTIONSAccess-Control-Allow-Origin:https://mydomain.deSet-Cookie:token=eyJhbG34SAmOgmnfmvjBP6OfhwVyftgHnc; Secure; SameSite=None, HttpOnly; Max-Age=432000
So this is a https site, both front- and backend are controlled by me, they just have different domains.
So what I am doing wrong here?
Thanks for any help!