Send cookies via form post from react to action url of another domain

Question

I have a html form of which the fields are hidden with hardcoded values

<form ref={ref} action={crossDomainURL} method="post">
<input type="hidden" name="username" value="John"/>
</form>

We are submitting the form in useEffect using ref.current.submit(). The request is going and can be seen in network tab and as expected it is with redirect status, but the existing cookie is not being sent which is required in later forgerock sso login.

Also tried setting cookie before the form submit explicitly using react-cookie, still not able to see the cookie going in request

I am not able to get reference or example as such to do that, is it possible to send cookies via form post,what other changes needs to be done if i am missing anything.

Answer 1

If the cookie is valid for the crossDomainURL then it will be sent.

If the cookie is only valid for the URL the form appears on, then it won't. The cookie doesn't belong to the other domain. It would be a major security problem if the browser sent cookies belonging to third-party websites whenever it made a request!

react-cookie is going to set cookies for the current domain so they won't be valid for the crossDomainURL.

---

Your domain can't set cookies for the cross origin domain.

You will need to send the information in the cookie through some other method, such as a piece of form data, and the URL you are submitting to will need to expect the data to appear there.

---

You mentioned SSO. The standard approach for SSO is OAuth so you might want to examine its specs to see what data it passes to each origin and how.