How to set cookies for different domain

[KRShanto]

When I use cookie.add(Cookie::new("name", "Shanto"));, it sets the cookie for the same domain.

But when I use it for a different domain/client, it doesn't set the cookie.

For example when I visit https://127.0.0.1:8000/login with browser or make a fetch request from that domain the below code works fine. It sets the cookie.
But when I request from https://127.0.0.1:3000 to https://127.0.0.1:8000/login it doesn't set the cookie.

How can I set the cookie for different domain?

My login route is:

use rocket::http::{Cookie, CookieJar};

#[get("/login")]
pub fn login(cookie: &CookieJar<'_>) {
    cookie.add(Cookie::new("name", "Shanto"));
}

My main function is:

use rocket_cors::{AllowedHeaders, AllowedOrigins};

#[launch]
fn rocket() -> _ {
    dotenv::dotenv().ok();

    let allowed_origins = AllowedOrigins::all();

    let cors = rocket_cors::CorsOptions {
        allowed_origins,
        allowed_headers: AllowedHeaders::all(),
        allow_credentials: true,
        ..Default::default()
    }
    .to_cors()
    .unwrap();

    rocket::build()
        .mount("/", routes![login /* more routes */,])
        .attach(cors)
}

I am using

• rocket = 0.5.0-rc.2

• rocket_cors = github master branch

[SergioBenitez]

I'm not totally sure what you're trying to do. I think you're trying to set a cookie cross-origin, is that right? If so, that's generally not possible, independent of Rocket.

[KRShanto]

Yes your are right. I'm trying to set a cookie cross-origin. But that's possible with actix-web, but why not for rocket?

[SergioBenitez]

Perhaps you're trying to have a cookie be sent cross-origin rather than setting a cookie cross-origin, which is allowed. Rocket, however, sets SameSite to Strict which prohibits this. To disable this for a specific cookie, set it to Lax or None, being aware of the security consequences.

Cookie::build("name", "val").same_site(SameSite::Lax)