Sended cookie is not getting set on frontend

Hi everyone, I am having issue were I am hosting my backend on https://setup-spot.onrender.com and my static website on https://setup-6ne8.onrender.com when the user logins in the backend sends cookie session and the frontend receives it but it being blocked by the browser and the error says " This attempt to set a cookie via a Set-Cookie header was blocked because its Domain attribute was invalid with regards to the current host url." and my cookie setting are like this

const app = express()

app.set("trust proxy")
app.enable('trust proxy')

app.use(express.json())
app.use(express.urlencoded({ extended: true }))
app.use(session({
    secret: process.env.SESSION_SECRET,
    resave: false,
    saveUninitialized: false,
    cookie: {
        httpOnly: true,
        path     : '/',
        expires: Date.now() + 1000 * 60 * 60 * 24 * 7,
        maxAge: 1000 * 60 * 60 * 24 * 7,
        domain: frontEndLink,
        sameSite: 'none',
        secure: true
    },
    store: MongoStore.create({ mongoUrl: uri })
}))
app.use(cors({
    origin: [frontEndLink, frontEndLink1, frontEndLink2],
    credentials: true,
    exposedHeaders: ["Set-Cookie"]
}))
app.use(passport.initialize())
app.use(passport.session())
app.use(cookieParser(process.env.COOKIE_SECRET))
passport.use(new LocalStrategy(User.authenticate(),{session: true}))
passport.serializeUser(User.serializeUser())
passport.deserializeUser(User.deserializeUser())

how can I fix it?

Hi there,

onrender.com is an entry on the public suffix list, this restricts access to cookies across subdomains as you’re attempting to do here. You should look to use a custom domain here which won’t be limited like this,

Regards,

John B
Render Support, UTC+1 :uk:

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.