From the domain "origin.a.com", an AJAX call is being made to a servlet on another domain, "cms.b.com", to fetch a response and show it on the page hosted on origin.a.com. For tracking purposes, cms.b.com maintains a cookie and sends it along with the response, but the cookie is not visible in browser->application/cookies under origin.a.com. However, the cookie can be seen in Set-Cookie (response header). I am trying to establish the calls and the cookie using CORS.

Below is the configuration used.

Code on https://origin.a.com:

    $.ajax({
        url: "https://cms.b.com/content/endpoint/Data",
        type: "POST",
        CORS: "true", // not a jQuery.ajax setting; jQuery ignores it
        xhrFields: {
            // send and accept cookies on the cross-origin request
            withCredentials: true
        },
        crossDomain: true,
        contentType: "text/plain",
        data: JSON.stringify({ rootPagePath: "/content/a/b/en/08", uid: "w47fh4fhj" }),
        success: function (result) {
            console.log("successful call");
        },
        error: function (err) {
            console.log("unsuccessful call");
        }
    });

Response headers and cookie on the https://cms.b.com servlet:

    response.setContentType("application/json");
    response.setCharacterEncoding("UTF-8");
    // CORS headers for a credentialed request from https://origin.a.com
    response.setHeader("Access-Control-Allow-Credentials", "true");
    response.setHeader("Access-Control-Allow-Origin", "https://origin.a.com");
    response.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept, Authorization");
    response.setHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE");
    // Tracking cookie; no Domain attribute is set
    String cookieValue3 = "devCookie=" + userSession.getId() + ";" + "Path=" + "/;" + "SameSite=None; Secure;" + "max-age=500;";
    response.addHeader("Set-Cookie", cookieValue3);

The cookie is available in the response header.

The cookie is not available under application/cookies for the domain "https://origin.a.com". What is being missed to support CORS calls and maintain the cookie from another domain under the requested domain?
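
Added example, not part of the original question: a small JavaScript check that takes the response headers shown above and reports whether the credentialed CORS headers are consistent, whether the `Set-Cookie` value is acceptable, and which host the cookie is scoped to. A cookie without a `Domain` attribute is host-only for the responding host, so here it is scoped to cms.b.com rather than to the page's host. The function names and the session id placeholder are assumptions; public-suffix rules and browser third-party cookie blocking are not modelled.

```javascript
// Constructed sample mirroring the question's response; the session id is a placeholder.
const SAMPLE_URL = "https://cms.b.com/content/endpoint/Data";
const SAMPLE_SET_COOKIE = "devCookie=SESSION_ID_PLACEHOLDER;Path=/;SameSite=None; Secure;max-age=500;";
const SAMPLE_CORS = {
  "access-control-allow-origin": "https://origin.a.com",
  "access-control-allow-credentials": "true",
};

// Split a Set-Cookie value into name, value and lower-cased attributes.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map(s => s.trim()).filter(Boolean);
  const eq = pair.indexOf("=");
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs: {} };
  for (const a of attrs) {
    const i = a.indexOf("=");
    cookie.attrs[(i < 0 ? a : a.slice(0, i)).toLowerCase()] = i < 0 ? true : a.slice(i + 1);
  }
  return cookie;
}

// Work out which host the cookie belongs to and whether its attributes are acceptable.
function cookieScope(setCookieHeader, responseUrl) {
  const host = new URL(responseUrl).hostname;
  const c = parseSetCookie(setCookieHeader);
  const problems = [];
  let domain = host, hostOnly = true; // no Domain attribute: host-only cookie
  if (typeof c.attrs.domain === "string") {
    const d = c.attrs.domain.replace(/^\./, "").toLowerCase();
    if (host === d || host.endsWith("." + d)) { domain = d; hostOnly = false; }
    else problems.push("Domain attribute does not match the responding host");
  }
  if (String(c.attrs.samesite).toLowerCase() === "none" && !c.attrs.secure)
    problems.push("SameSite=None requires Secure");
  return { name: c.name, domain, hostOnly, accepted: problems.length === 0, problems };
}

// Credentialed CORS needs the exact requesting origin (never "*") and Allow-Credentials: true.
function credentialedCorsOk(pageOrigin, headers) {
  return headers["access-control-allow-origin"] === pageOrigin &&
         headers["access-control-allow-credentials"] === "true";
}

// Does the cookie's scope cover the host of the given origin?
function matchesHost(origin, scope) {
  const h = new URL(origin).hostname;
  return scope.accepted &&
    (h === scope.domain || (!scope.hostOnly && h.endsWith("." + scope.domain)));
}
```

With the sample values, `matchesHost("https://origin.a.com", ...)` is false and `matchesHost("https://cms.b.com", ...)` is true.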