1

I am developing a javascript embeddable chat widget that can be deployed on the customer's site. I am trying to make API calls (using XMLhttp configured withCredentials true) from my Iframe widget to the backend to get some data and set cookies (JWT), I get 200 responses and see the set cookie in headers but not able to see it in the console application.

res.cookie("__jlcw", "token", {path:'/', sameSite: "none", secure: true });

enter image description here

Could someone help me with this? Am I missing something?

tadain
  • 138
  • 10

1 Answers1

0

If frontend and backend are on different top-level domains (say, my.frontend.com vs. your.backend.com), the cookie counts as a third-party cookie and may be blocked based on your browser settings.

Heiko Theißen
  • 12,807
  • 2
  • 7
  • 31