I'm having a problem with the cookies sent by my API server. I use a React app as a frontend and a PHP backend server; they have different domains. The flow is like this: a user logs in and the frontend sends an XMLHttpRequest with "withCredentials" set to true to the backend server. The backend server then responds with this:
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 04 May 2018 02:37:01 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Access-Control-Allow-Headers: Content-Type, X-CSRF-TOKEN
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://frontend.com
Message: Successfully logged in.
Set-Cookie: cookie-token1=; HttpOnly; Path=/; Domain=frontend.com
Set-Cookie: cookie-token2; Path=/; Domain=frontend.com
Content-Encoding: gzip
Although the backend responds with cookies, the cookies are not stored in the browser. I added Allow-Credentials and Allow-Origin headers to the server response so the cookies are acknowledged by the browser, but the cookies are still not stored. Does anyone have an idea what could be the problem?
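
Added example, not part of the original post: under RFC 6265 (section 5.3) a browser ignores a Set-Cookie whose Domain attribute the responding host does not domain-match, and this sketch applies that one check to the two Set-Cookie values from the response above. The host names `api.backend.example` and `api.frontend.com` are hypothetical, since the post does not name the backend host, and other acceptance checks (public suffix, Secure, SameSite) are not modelled.

```javascript
// Added example: RFC 6265 section 5.1.3 domain-match, as used by the section 5.3 storage check.
function domainMatches(host, domain) {
  host = host.toLowerCase();
  domain = domain.toLowerCase();
  if (host === domain) return true;
  // A suffix match only counts on a label boundary, and never for IP literals.
  const isIp = /^[\d.]+$/.test(host) || host.includes(":");
  return !isIp && host.endsWith("." + domain);
}

// Extract the cookie name and the Domain attribute from one Set-Cookie value.
function parseSetCookie(headerValue) {
  const [pair, ...attrs] = headerValue.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = { name: eq < 0 ? pair : pair.slice(0, eq), domain: null };
  for (const attr of attrs) {
    const [key, ...rest] = attr.split("=");
    if (key.trim().toLowerCase() === "domain") {
      // The cookie parser ignores a leading dot on the Domain value.
      cookie.domain = rest.join("=").trim().replace(/^\./, "").toLowerCase();
    }
  }
  return cookie;
}

// Returns { name, domainAccepted, reason } for a Set-Cookie received from responseHost.
function checkCookie(responseHost, headerValue) {
  const c = parseSetCookie(headerValue);
  if (c.domain && !domainMatches(responseHost, c.domain)) {
    return { name: c.name, domainAccepted: false,
      reason: `${responseHost} does not domain-match Domain=${c.domain}` };
  }
  return { name: c.name, domainAccepted: true,
    reason: c.domain ? "Domain matches" : "host-only cookie" };
}

// Set-Cookie values copied from the response in the post.
const headers = [
  "cookie-token1=; HttpOnly; Path=/; Domain=frontend.com",
  "cookie-token2; Path=/; Domain=frontend.com",
];

function report(responseHost) {
  return headers.map((h) => checkCookie(responseHost, h));
}

console.log(report("api.backend.example")); // hypothetical backend host on another domain
console.log(report("api.frontend.com"));    // hypothetical host under frontend.com
```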