Cross-domain setting a cookie in express/nestjs (Backend on Cloud / NextJS on Localhost)

Currently we're having an issue with setting a cookie cross-domain. The setup is, we have NextJS as Frontend and NestJS as Backend. Now, this backend is deployed in DigitalOcean, and our Frontend devs are on Localhost. Currently we're having an issue with setting a cookie in this scenario.

On backend, the cors credentials has been set to true, and on frontend using graphql apollo, credentials has been set to include. So technically, running both the server and client on localhost, no problem on cookies, it's being set. But once the Frontend devs used the API endpoint on DigitalOcean, cookies are getting blocked.

I've tried a lot of ways to play with the cookie options, like setting httpOnly to true or false, or setting sameSite to none, but it requires Secure to be true so that's not possible. Also setting domain to localhost or 127.0.0.1, etc.

So do you guys have any idea how we can fix this? We want this structure so that the Frontend devs don't need to run the server locally; they just need to point at that API and that's all. Thanks!



Solution 1:[1]

Hello, my project runs on localhost ports 3000 (nestjs) and 5000 (nextjs); this localhost environment can share cookies.

So in production I use www.domain.com (nestjs) and service.domain.com (nextjs), and set the cookie's domain = .domain.com to share the cookie between both nextjs & nestjs.

It works fine. Hope this helps other people lol.
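
The following is an added example, not part of the original question or answer: a simplified model of the browser checks that decide whether a cookie from the API response is stored, run against the option combinations mentioned in the question and the shared parent domain from the answer. The host `api.example.com`, the HTTPS assumption, and the helper names are constructed for illustration; option names follow Express's `res.cookie()`.

```javascript
// Added example: a simplified model of the browser rules that decide whether a
// cookie set by an API response is stored. All host names are constructed.

// RFC 6265 domain-match: host equals the Domain value or is a subdomain of it.
function domainMatch(host, domain) {
  const d = domain.replace(/^\./, '').toLowerCase();
  const h = host.toLowerCase();
  return h === d || h.endsWith('.' + d);
}

// Simplification: "site" = last two labels. Browsers use the Public Suffix List.
function site(host) {
  return host === 'localhost' ? host : host.split('.').slice(-2).join('.');
}

function checkCookie({ pageHost, apiHost, apiIsHttps, cookie }) {
  const sameSite = (cookie.sameSite || 'lax').toLowerCase();
  // Simplification: http://localhost is treated as a secure context.
  const secureContext = apiIsHttps || apiHost === 'localhost';
  if (cookie.secure && !secureContext) return 'rejected: Secure set over plain http';
  if (sameSite === 'none' && !cookie.secure) return 'rejected: SameSite=None requires Secure';
  if (cookie.domain && !domainMatch(apiHost, cookie.domain))
    return 'rejected: Domain does not match responding host';
  if (site(pageHost) !== site(apiHost) && sameSite !== 'none')
    return 'blocked: cross-site response without SameSite=None';
  return 'accepted';
}

// Frontend on localhost calling a deployed API (the question's setup).
const local = { pageHost: 'localhost', apiHost: 'api.example.com', apiIsHttps: true };
// Frontend and API on sibling subdomains (the answer's setup).
const prod = { pageHost: 'service.domain.com', apiHost: 'www.domain.com', apiIsHttps: true };

const results = {
  defaults: checkCookie({ ...local, cookie: { httpOnly: true } }),
  noneWithoutSecure: checkCookie({ ...local, cookie: { sameSite: 'none' } }),
  domainLocalhost: checkCookie({ ...local, cookie: { domain: 'localhost' } }),
  secureOverHttp: checkCookie({ ...local, apiIsHttps: false,
    cookie: { sameSite: 'none', secure: true } }),
  noneWithSecure: checkCookie({ ...local,
    cookie: { sameSite: 'none', secure: true, httpOnly: true } }),
  sharedParent: checkCookie({ ...prod, cookie: { domain: '.domain.com', httpOnly: true } }),
};
console.log(results);
```

A cookie with `Domain=.domain.com` is sent to every subdomain of `domain.com`, so keep `httpOnly` set and use it only when all of those subdomains are trusted. The model does not cover third-party cookie blocking, which a browser can apply even to a `SameSite=None; Secure` cookie.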

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Wittawat