PHP

HOW TO SET CORS COOKIES IN PHP

(quick guide & example)

CORS FETCH TO SITE B

    fetch("https://site-b.com/", {
      mode : "cors",
      credentials : "include"
    });

SITE A - FETCH CALL TO SITE B

01

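GET REQUEST ORIGIN

    if (array_key_exists("HTTP_ORIGIN", $_SERVER)) {
      // Origin header, sent by the browser on CORS requests
      $o = $_SERVER["HTTP_ORIGIN"];
    } else if (array_key_exists("HTTP_REFERER", $_SERVER)) {
      // Fallback: Referer is a full URL, not just an origin
      $o = $_SERVER["HTTP_REFERER"];
    } else {
      // Last resort: client IP; this is not an origin and will not match the allow-list
      $o = $_SERVER["REMOTE_ADDR"];
    }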

SITE B - SET CORS COOKIE (A)

02

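CHECK ALLOWED

    // Compare only the host part against the allow-list
    $host = parse_url($o, PHP_URL_HOST);
    if (!in_array($host, ["site-a.com", "site-b.com"], true)) {
      http_response_code(403);
      exit();
    }

PROCEED SET COOKIE

    // Access-Control-Allow-Origin must carry a full origin (scheme://host[:port]),
    // so rebuild it from the validated request value
    $origin = parse_url($o, PHP_URL_SCHEME) . "://" . $host;
    $port = parse_url($o, PHP_URL_PORT);
    if ($port !== null) { $origin .= ":" . $port; }

    header("Access-Control-Allow-Origin: $origin");
    header("Access-Control-Allow-Credentials: true");
    // SameSite=None is required for a cross-site cookie and only works with Secure
    setcookie("It", "Works", [
      "expires" => time()+3600,
      "path" => "/",
      "domain" => ".site-b.com",
      "secure" => true,
      "samesite" => "None"
    ]);
    echo "OK";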

SITE B - SET CORS COOKIE (B)

03
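
A stricter variant of the Site B check, as an added example that is not part of the original guide: it trusts only the Origin header, matches the full origin (scheme included) exactly against an allow-list, and adds "Vary: Origin" so caches do not reuse a response across origins. ALLOWED_ORIGINS, resolve_cors_origin() and cors_response_headers() are hypothetical names, and the sample requests are constructed.

```php
<?php
// Added example (not from the original guide). Run with: php cors_check.php
const ALLOWED_ORIGINS = ["https://site-a.com", "https://site-b.com"];

// Return the origin to echo back in Access-Control-Allow-Origin,
// or null when the request must be refused.
function resolve_cors_origin(array $server, array $allowed = ALLOWED_ORIGINS): ?string
{
    // Only the Origin header is considered; Referer and REMOTE_ADDR
    // are not origins and are ignored here.
    $origin = $server["HTTP_ORIGIN"] ?? null;
    if (!is_string($origin)) {
        return null;
    }
    // Exact, strict match on scheme + host (+ port): no substring or
    // suffix matching, so look-alike hosts do not pass.
    return in_array($origin, $allowed, true) ? $origin : null;
}

// Headers Site B sends before setcookie() once the origin is accepted.
function cors_response_headers(string $origin): array
{
    return [
        "Access-Control-Allow-Origin: $origin",
        "Access-Control-Allow-Credentials: true",
        "Vary: Origin", // the response differs per origin
    ];
}

// Constructed sample requests (shaped like $_SERVER).
$samples = [
    ["HTTP_ORIGIN" => "https://site-a.com"],             // allowed
    ["HTTP_ORIGIN" => "http://site-a.com"],              // wrong scheme
    ["HTTP_ORIGIN" => "https://site-a.com.example.net"], // look-alike host
    ["HTTP_ORIGIN" => "null"],                           // opaque origin
    ["HTTP_REFERER" => "https://site-a.com/page"],       // no Origin header
];

foreach ($samples as $server) {
    $label  = $server["HTTP_ORIGIN"] ?? "(no Origin header)";
    $origin = resolve_cors_origin($server);
    if ($origin === null) {
        echo "$label => 403\n";
        continue;
    }
    echo "$label => 200\n  " . implode("\n  ", cors_response_headers($origin)) . "\n";
}
```

On a live endpoint, pass $_SERVER to resolve_cors_origin(), send each returned line with header(), and call setcookie() only after the origin has been accepted.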