Subdomain or same domain backend authentication?

Assume I have a front-end application that functions on example.com. The backend should be located on a subdomain, such as api.example.com. However, in order to set up session authentication for my frontend on my backend, I must establish cookies. However, Chrome alerts me to the fact that my session cookie is flagged as a third-party cookie and will be prohibited going forward. Can my backend remain on a different domain, or will backend requests have to go through example.com/api?

1 Like

Having trouble with CORS blocking your request? If you can access the backend code, you can fix it by adjusting the allowed CORS origins.

2 Likes

Do you have .example.com specified as your cookies domain? If so, I believe this won’t be third-party and will function for subdomains, though I could be wrong.

In order to have cross-site context, you can also set cookies to SameSite=none and Secure. Check this MDN guide.

2 Likes
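An added example, not part of any post in this thread and not Django's own code: browsers decide "third-party" by site (scheme plus registrable domain), so this sketch classifies a frontend/backend pair and builds the matching `Set-Cookie` value. The function names, the tiny suffix set and the sample cookie value are assumptions made for illustration.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Constructed stand-in for the Public Suffix List (assumption; use the real list in production).
PUBLIC_SUFFIXES = {"com", "org", "co.uk", "github.io"}


def registrable_domain(host):
    """Return the eTLD+1 of host; hosts with no known suffix (localhost) map to themselves."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):  # longest candidate suffix first
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return host.lower()


def same_site(page_url, api_url):
    """Schemeful same-site: same scheme and same registrable domain; ports are ignored."""
    page, api = urlsplit(page_url), urlsplit(api_url)
    return (page.scheme == api.scheme and
            registrable_domain(page.hostname) == registrable_domain(api.hostname))


def session_cookie_header(page_url, api_url, value, share_with_subdomains=False):
    """Build the Set-Cookie value the API host should send for a page on page_url."""
    api = urlsplit(api_url)
    cookie = SimpleCookie()
    cookie["sessionid"] = value
    morsel = cookie["sessionid"]
    morsel["path"] = "/"
    morsel["httponly"] = True
    if same_site(page_url, api_url):
        # First-party context: Lax is enough, and the cookie is not a third-party cookie.
        morsel["samesite"] = "Lax"
        morsel["secure"] = api.scheme == "https"
        if share_with_subdomains:
            # Widens scope to every subdomain; leave host-only unless that is required.
            morsel["domain"] = registrable_domain(api.hostname)
    else:
        # Cross-site context: needs SameSite=None plus Secure, and is subject to
        # third-party cookie blocking.
        morsel["samesite"] = "None"
        morsel["secure"] = True
    return morsel.OutputString()
```

Two different ports on `localhost` count as the same site here, while two tenants under a shared public suffix such as `github.io` do not.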

CORS is blocking the request? As far as I know, if you have access to the backend code you can allow requests by modifying the allowed CORS origins.

1 Like

@Mickey I’m not worried about CORS configuration; rather, I’m worried about whether my login mechanism will malfunction when Chrome bans third-party cookies in the future.

@Sadie Unfortunately, I don’t think it works with localhost when I try to test setting a cookie domain with Django.