I get this warning message in the network tab of my broswer: this attempt to set a cookie via a Set-cookie header was blocked because its domain attribute was invalid with regards to the current host url
I have two applications. A next.js frontend app and a Django backend app. The backend uses Django’s session storage and I’m trying to set cookies in the browser. This was working on localhost. I’m using Azure to host my application. I bought my own domain called something.xyz. I put my frontend as an A record with host as @ in my DNS configuration and my backend as a CNAME with host as ser. There are also TXT records for azure config. When I go to ser.something.xyz I can access my backend. I can also access my frontend when I go to something.xyz.
I have set both SESSION_COOKIE_SAMESITE and CSRF_COOKIE_SAMESITE to None. I have set both SESSION_COOKIE_DOMAIN and CSRF_COOKIE_DOMAIN to either something.xyz, .something.xyz, or ser.something.xyz. I also tried putting https:// in front (that’s probably wrong but I’m desperate)
I know this question has been asked before, but I just can’t seem to get it to work. I have changed my settings several times
This is the message I’m getting from the network tab: csrftoken=xxxxxxxxxxxxxxxx; Domain=['something.xyz']; expires=Mon, 03 Feb 2025 22:41:48 GMT; Max-Age=31449600; Path=/; SameSite=None; Secure this attempt to set a cookie via a Set-cookie header was blocked because its domain attribute was invalid with regards to the current host url I getting this message for both my csrf cookie and sessionid cookie
Am I missing something? Should I just use tokens?
Also, I swear at one point the csrf cookie was setting but I changed the settings and now both won’t set. I can’t remember what I changed.