I am trying to make an authentication page that will return a JWT usable on different subdomains through cookies. Here is the scenario I am trying to achieve:
authenticate.staging.example.com
admin.api.staging.example.com
and return these headers:
Set-Cookie: jwt=myToken; Domain=.staging.example.com; SameSite=None; Secure
Access-Control-Allow-Headers: 'Accept, Content-Type'
Access-Control-Allow-Origin: 'https://authenticate.staging.example.com'
Access-Control-Allow-Methods: 'GET,POST,PATCH,PUT,DELETE,OPTIONS'
Access-Control-Allow-Credentials: 'true'
admin.staging.example.com or docs.staging.example.com, the JWT cookie is sent for all the requests (index.html, etc.)

For now, I receive the cookie but it is not sent when I go to admin.staging.example.com or docs.staging.example.com. It is not a problem if the solution only works in the latest Chrome.
Thank you for your help
I've made it work by adding Path=/ and HttpOnly to my cookie.
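
An added example, not part of the original post: a simplified model of the RFC 6265 domain-match, default-path and path-match rules, applied to the Set-Cookie header from the question with and without Path=/. The login URL path /auth/login and the function names are assumptions; the post does not say which path set the cookie.

```javascript
// Simplified RFC 6265 model: ignores expiry, SameSite, public suffixes,
// and the check that Domain matches the host that set the cookie.
function parseSetCookie(header, setUrl) {
  const [pair, ...attrs] = header.split(';').map(s => s.trim());
  const eq = pair.indexOf('=');
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1),
                   domain: null, path: null, secure: false, httpOnly: false };
  for (const attr of attrs) {
    const i = attr.indexOf('=');
    const key = (i < 0 ? attr : attr.slice(0, i)).toLowerCase();
    const val = i < 0 ? '' : attr.slice(i + 1);
    if (key === 'domain') cookie.domain = val.replace(/^\./, '').toLowerCase();
    else if (key === 'path' && val.startsWith('/')) cookie.path = val;
    else if (key === 'secure') cookie.secure = true;
    else if (key === 'httponly') cookie.httpOnly = true;
  }
  const u = new URL(setUrl);
  cookie.hostOnly = cookie.domain === null;
  if (cookie.hostOnly) cookie.domain = u.hostname;
  // Section 5.1.4: without a Path attribute, the default path is the
  // directory of the URL whose response set the cookie.
  if (cookie.path === null) {
    const cut = u.pathname.lastIndexOf('/');
    cookie.path = cut <= 0 ? '/' : u.pathname.slice(0, cut);
  }
  return cookie;
}

// Would a browser attach `cookie` to a request for `requestUrl`?
function wouldSend(cookie, requestUrl) {
  const u = new URL(requestUrl);
  const host = u.hostname;
  const domainOk = cookie.hostOnly
    ? host === cookie.domain
    : host === cookie.domain || host.endsWith('.' + cookie.domain);
  const p = cookie.path;
  const pathOk = u.pathname === p ||
    (u.pathname.startsWith(p) && (p.endsWith('/') || u.pathname[p.length] === '/'));
  const secureOk = !cookie.secure || u.protocol === 'https:';
  return domainOk && pathOk && secureOk;
}

// Constructed sample: the /auth/login path is an assumption, not from the post.
const SET_URL = 'https://admin.api.staging.example.com/auth/login';
const withoutPath = parseSetCookie(
  'jwt=myToken; Domain=.staging.example.com; SameSite=None; Secure', SET_URL);
const withPath = parseSetCookie(
  'jwt=myToken; Domain=.staging.example.com; Path=/; HttpOnly; SameSite=None; Secure', SET_URL);
```

Under that assumed path, the cookie without Path is scoped to /auth and is not attached to /index.html on the sibling subdomains, while Path=/ covers every path. HttpOnly does not affect when the cookie is sent; it only keeps it out of document.cookie.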