Hi @al_ps and thank you for your help.
I tried your solution but
set-cookie:FRI_API=session; Max-Age=2147483647; Domain=admin.fri.is; Path=/; Expires=Tue, 02 Jan 2091 17:29:05 GMT; HttpOnly; Secure; SameSite=Strict
Gives the same error about being blocked because of domain. I’m guessing because the domain sending the cookie and the domain setting it are different and I have SameSite=Strict.
Cookies always confuse me. Even it I would be able to set it, it would not work, right? Because the domains are different. The api service is sending the cookie asking admin to set it. The static admin then ommunicates with the api using withCredentials (or include credentials, etc) - and again the domains wouldn’t match. The static site is asking api.onrender.com to use a cookie for admin.onrender.com
Am I misunderstanding you?
This sounds really good and would solve alot of my headache, but having to manually set it is kind of a dealbreaker.
How about custom domain for Preview Environments? Could I set up api-pr-31.fri.is ?
There must be a way, I can’t believe that I’m the first person using render preview environment with login/session?
I can change the code anyway you guys think would best match your environment. So any tip in the right direction would be greatly appreciated.