PHP
(quick guide & example)
CORS FETCH TO SITE B fetch("https://site-b.com/", { mode : "cors", credentials : "include" });
GET REQUEST ORIGIN if (array_key_exists("HTTP_ORIGIN", $_SERVER)) { $o = $_SERVER["HTTP_ORIGIN"]; } else if (array_key_exists("HTTP_REFERER", $_SERVER)) { $o = $_SERVER["HTTP_REFERER"]; } else { $o = $_SERVER["REMOTE_ADDR"]; }
CHECK ALLOWED $o = parse_url($o, PHP_URL_HOST); if (!in_array($o, ["site-a.com", "site-b.com"])) { http_response_code(403); exit(); }
PROCEED SET COOKIE header("Access-Control-Allow-Origin: $origin"); header("Access-Control-Allow-Credentials: true"); setcookie("It", "Works", [ "expires" => time()+3600, "path" => "/", "domain" => ".site-b.com", "secure" => true, "samesite" => "None" ]); echo "OK";