0

Suppose I own a website at "cookiemaker.com". I want my client (website owners themselves) to send HTTP requests to my server that include cookies I generated. In other words:

  1. End-User "Bob" visits my site at cookiemaker.com
  2. I (cookiemaker.com) provides him with a cookie that his browser now stores
  3. Bob is now visiting another website ("cool-recipes.com")
  4. Bob clicks a button within cool-recipes.com, then his browser sends an HTTP request to cookiemaker.com.

Is there a way to include the cookie created at (2) in the request sent at (4)?

(Assuming full control of both websites)

OriGami
  • 33
  • 1
  • 5
  • Does this answer your question? [Cross-Domain Cookies](https://stackoverflow.com/questions/3342140/cross-domain-cookies) – Yogi May 11 '22 at 20:43

1 Answers1

0

HTTP cookies are always sent to the url requested, the origin requesting it (cool-recipes.com) should have a response with a header as the following:

Access-Control-Allow-Origin: <origin> //The website requester

If this header is not present, you will get an error like the following:

Access to fetch at '<requested site>' from origin '<your site>' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

You have to add the origin (cool-recipes.com) to the site requested response headers (cookiemaker.com).

Access-Control-Allow-Origin: https://cool-recipes.com
alphα
  • 131
  • 7