I’m having problems setting cookies for my static web with the onrender.com domain. I’m assuming because of the public suffix list?
The setup is as following:
When admin ui sends a requests to api service the service responds with a cookie. That cookie is never set.
set-cookie: FRI_API=randomsession; Max-Age=2147483647; Domain=onrender.com; Path=/; Expires=Tue, 02 Jan 2091 13:36:05 GMT; HttpOnly; Secure; SameSite=Strict
Chrome gives: This attempt to set cookie via set-cookie header was blocked because its domain attribute was invalid with regards to the current host url
This works for localhost and our custom domains api.fri.is and admin.fri.is but not onrender.com
I’m fine with using the custom domains, BUT I have Preview Environments like fri-admin-pr-31.onrender.com where we need to test our features before merging the pull request. Right now our product manager and test users can’t log in to test new features.
Am I doing something wrong or is there a better way to achieve this?