Trying to use CORS and XSRF on different domains


I have a frontend and a backend app. They are in different domains (subdomain). The frontend app does a first request (GET) to get some server-side information, basically session_id and XSRF-TOKEN cookies.

The situation is: cookies: _session_id cookies: XSRF-TOKEN

So, my frontend app gets the _session_id cookie but it doesn't get the XSRF-TOKEN. When I try to get the XSRF-TOKEN to put it on the header like X-XSRF-TOKEN it isn't possible because they're different domains.

Any good soul to help me? Thanks in advance.

You'll want to consider the following: Share session (cookies) between subdomains in Rails?

YourApp::Application.config.session_store :cookie_store, key: '_yourapp_session', domain: :all, tld_length: 2