I have a frontend and a backend app. They are in different domains (subdomains). The frontend app does a first request (GET) to get some server-side information, basically
The situation is:
myapp.com cookies: _session_id
api.myapp.com cookies: XSRF-TOKEN

So, my frontend app gets the _session_id cookie but it doesn't get the XSRF-TOKEN. When I try to get the XSRF-TOKEN to put it on the header like X-XSRF-TOKEN it isn't possible because they're different domains.
Any good soul to help me? Thanks in advance.
You'll want to consider the following: Share session (cookies) between subdomains in Rails?
# config/initializers/session_store.rb
YourApp::Application.config.session_store :cookie_store, key: '_yourapp_session', domain: :all, tld_length: 2
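
Added example, not part of the question or the answer above: a sketch of RFC 6265 cookie domain matching that shows why a host-only cookie set by api.myapp.com never reaches myapp.com, and which hosts receive it once a Domain attribute is set. The helper names and the extra sample hosts are assumptions, and registrable_domain only approximates what domain: :all with tld_length produces.

```ruby
# Added example: which hosts receive a cookie, per RFC 6265 domain matching.

# Approximation (assumption) of `domain: :all, tld_length: N`:
# keep the last N labels of the request host. No IP-address handling.
def registrable_domain(host, tld_length)
  labels = host.downcase.split('.')
  return host.downcase if labels.length <= tld_length
  labels.last(tld_length).join('.')
end

# RFC 6265 section 5.1.3. A nil cookie_domain means no Domain attribute was
# sent, so the cookie is host-only and goes back to the setting host alone.
def cookie_sent?(request_host, set_by_host, cookie_domain)
  request_host = request_host.downcase
  return request_host == set_by_host.downcase if cookie_domain.nil?

  domain = cookie_domain.downcase.sub(/\A\./, '') # a leading dot is ignored
  request_host == domain || request_host.end_with?(".#{domain}")
end

# Filter a host list down to those that would receive the cookie.
def recipients(hosts, set_by_host, cookie_domain)
  hosts.select { |h| cookie_sent?(h, set_by_host, cookie_domain) }
end

# Constructed sample hosts; only the first two appear in the question.
HOSTS = %w[myapp.com api.myapp.com blog.myapp.com notmyapp.com].freeze

# Host-only cookie set by the API: the frontend origin never sees it.
puts "host-only:     #{recipients(HOSTS, 'api.myapp.com', nil).inspect}"

# Domain-scoped cookie: the parent domain and every subdomain receive it,
# so each of those hosts becomes part of the cookie's trust boundary.
shared = registrable_domain('api.myapp.com', 2)
puts "Domain=#{shared}: #{recipients(HOSTS, 'api.myapp.com', shared).inspect}"
```
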