As seen in https://github.com/ory/cloud/issues/53 we should, per default, set the cookie on the TLD instead of the current domain. This will prevent CORS errors and is what we also have done in the Ory Cloud CNAME feature.
Similar to https://github.com/ory/integrations/blob/31bd234f1917b7bd66610cade08f6ed05d3c6c91/src/next-edge/index.ts#L71-L78 we should have an option which defaults to true and will set the cookie on the top level domain (e.g. app running on www.example.org -> cookie set on example.org). This should of course skip any domains that are known to host public things such as oryapis.com or other public TLDs. We can use a library for that, e.g.: https://github.com/thom4parisot/tld.js
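The domain selection described in this issue, as an added example that is not part of the original issue and not code from ory/integrations. The names `cookieDomainFor`, `buildSetCookie` and `PUBLIC_SUFFIXES` are hypothetical, and the suffix set is a constructed sample standing in for the full Public Suffix List that a library such as tld.js would supply.

```javascript
// Constructed sample of public suffixes (assumption). oryapis.com is listed
// because the issue names it as a domain that hosts public things.
const PUBLIC_SUFFIXES = new Set(["com", "org", "uk", "co.uk", "oryapis.com"]);

// Returns the value for the cookie's Domain attribute, or undefined when the
// cookie must stay host-only (no Domain attribute at all).
function cookieDomainFor(hostname, suffixes = PUBLIC_SUFFIXES) {
  const host = String(hostname).toLowerCase().replace(/\.$/, "");
  // IP literals and single-label hosts (localhost) have no parent to share with.
  const isIp = /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.includes(":");
  if (isIp || !host.includes(".")) return undefined;

  const labels = host.split(".");
  // Walk from the longest candidate to the shortest, so "co.uk" wins over "uk".
  for (let i = 0; i < labels.length; i++) {
    if (suffixes.has(labels.slice(i).join("."))) {
      // The host itself is a public suffix: never scope a cookie to it.
      if (i === 0) return undefined;
      // Public suffix plus one label is the widest scope one owner controls.
      return labels.slice(i - 1).join(".");
    }
  }
  // Unknown suffix: fail closed and keep the cookie host-only.
  return undefined;
}

// Builds a Set-Cookie header value, omitting Domain when it would be unsafe.
function buildSetCookie(name, value, hostname, setDomainCookie = true) {
  const parts = [`${name}=${encodeURIComponent(value)}`, "Path=/", "Secure", "HttpOnly"];
  const domain = setDomainCookie ? cookieDomainFor(hostname) : undefined;
  if (domain) parts.push(`Domain=${domain}`);
  return parts.join("; ");
}

// Constructed sample hosts.
for (const h of ["www.example.org", "tenant-a.oryapis.com", "oryapis.com", "localhost"]) {
  console.log(h, "->", cookieDomainFor(h) ?? "(host-only)");
}
```

With `oryapis.com` treated as a public suffix, a cookie issued on `tenant-a.oryapis.com` stays scoped to that host and is not sent to sibling subdomains.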