Safari is not sending cookies when doing CORS requests

[sneko]

Hi everyone,

I'm facing a problem... and I didn't succeed to solve it 😢

I'm protecting a dev environment through oauth2-proxy, so that if a user want to access it he just needs to log in to access my frontend application, and when those make requests to the backend API it works well because the cookies are also spreaded across the CORS requests made in JavaScript (XHR).

Hmm "it works", let me rectify... It works well for IE, Edge, Chrome, Firefox... except for Safari! It seems they don't authorize providing cookies on CORS calls.

Does anyone of you have already encountered this problem?

I was thinking about passing the "_oauth2_proxy" cookie through a custom header like "X-Access-Token", but I can't figure out how to do this since I didn't find how I could access the token? I can't access it through something like getCookie() because for example something my page is running on different domain (localhost...) and I'm not able to reach cookies of other domain.

Thank you,