Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

Hi guys,
help wanted:
How to send ory cookies to other domain?
in frontend
```    const client = new GraphQLClient(endpoint, {
        credentials: 'include',
      })```
in api
```      cors: {
        origin: (origin, callback) =&gt; {
          callback(null, origin)
        },
        credentials: true,```
But it doesn't work

what do you mean by "other domain"? cookies are bound to domains, you cannot simply send them wherever you want :sweat_smile:

Actually, <https://zellwk.com/blog/handling-cookies-with-fetchs-credentials/#testing-credentials-between-two-domains|you can> if the credentials in the case of fetch is set  to 'include' and the backend responds with 'access-control-allow-origin' specific to the origin and with  'Access-Control-Allow-Credentials' true.
And besides that I should have set the SameSite attribute of `ory_kratos_session` to 'None'.  But that is problem now because the origin is <http://localhost>, which means the cookie Secure flag is set to false and that mess my evil plan of calling our staging backend from my local frontend.

Anyways, I will keep searching a solution. Thanks