My React app (from
react-app.com) is embedded in the website
beautiful-site.com, but the requests sent from the React app don’t include the associated session cookie.
I have a workaround that involves adding the following headers to the server and XHR requests sent from the React app with
Access-Control-Allow-Origin: https://beautiful-site.com Access-Control-Allow-Credentials: true
However, this limits me to specifying a particular site in
Access-Control-Allow-Origin, as the React app will be embedded in multiple sites.
Is there any way to ensure the session cookie is always sent from the React app?