I have a chat plugin which in some cases is intended to work cross-domain (i.e. the app is installed on a.com while the plugin is used on b.com). In order to authenticate users the app relies on a third-party cookie. This poses a problem due to the decision of modern browsers to opt completely out from using 3rd party cookies for security reasons.
I want to find a viable workaround to this issue and possible alternatives to 3rd party cookies.
If b.com wants to know which user is logged in on a.com, it should make an AJAX call to a.com including the credentials:
fetch('https://a.com/api/v1/users/current', {mode: 'cors', credentials: 'include'})
.then(response => response.json())
.then(data => console.log(data));
On a.com you have to create the API endpoint /api/v1/users/current that will send the user data in JSON for the currently logged-in user. For better security it should respond only if the origin is b.com.
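A sketch of the a.com side of the exchange described in the answer above, as an added example that is not part of the original post. The session store, the cookie name sid and the function names are assumptions made for illustration; the handler is a pure function so it can be plugged into any Node HTTP framework.

```javascript
// Assumption: b.com is the only origin allowed to read the user data.
const ALLOWED_ORIGINS = new Set(['https://b.com']);

// Constructed session store standing in for a.com's real session lookup.
const SESSIONS = new Map([['s3ss10n-demo', { id: 42, name: 'alice' }]]);

// A cookie sent on a cross-site fetch must be SameSite=None and Secure.
function sessionCookie(sid) {
  return `sid=${sid}; Path=/; HttpOnly; Secure; SameSite=None`;
}

function parseCookies(header = '') {
  const out = {};
  for (const part of header.split(';')) {
    const i = part.indexOf('=');
    if (i > 0) out[part.slice(0, i).trim()] = part.slice(i + 1).trim();
  }
  return out;
}

// Builds { status, headers, body } for /api/v1/users/current.
function currentUserResponse(method, reqHeaders) {
  const origin = reqHeaders.origin;
  // Vary: Origin keeps shared caches from replaying one origin's answer to another.
  const headers = { 'Vary': 'Origin' };
  // Exact string match: no wildcard, no suffix or prefix matching, no "null".
  if (!ALLOWED_ORIGINS.has(origin)) return { status: 403, headers, body: '' };
  // With credentials: 'include' the browser rejects "*"; echo the exact origin.
  headers['Access-Control-Allow-Origin'] = origin;
  headers['Access-Control-Allow-Credentials'] = 'true';
  if (method === 'OPTIONS') {
    headers['Access-Control-Allow-Methods'] = 'GET';
    return { status: 204, headers, body: '' };
  }
  const user = SESSIONS.get(parseCookies(reqHeaders.cookie).sid);
  if (!user) {
    return { status: 401, headers, body: JSON.stringify({ error: 'not logged in' }) };
  }
  headers['Content-Type'] = 'application/json';
  headers['Cache-Control'] = 'no-store';
  return { status: 200, headers, body: JSON.stringify(user) };
}

// Constructed request, shaped like Node's lower-cased req.headers.
const demo = currentUserResponse('GET', { origin: 'https://b.com', cookie: 'sid=s3ss10n-demo' });
console.log(demo.status, demo.headers['Access-Control-Allow-Origin'], demo.body);
```

The Origin check only controls which pages may read the response in a browser; the session cookie remains the actual authentication.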