OAuth Same-Site Cookie Demo
🔍 Test Scenario
Relationship: Cross-origin via reverse proxy
Goal: Validate that cookies set via XHR are available during top-level navigation
Step 1: OAuth Initialization
Send XHR to backend to set OAuth state cookie on api.a.de domain
Step 2: Simulate OAuth Callback
Navigate top-level to backend callback endpoint, which will redirect back to frontend with results
🔧 Debugging Tips
- Check browser DevTools → Application → Cookies for backend domain
- Look for "state" cookie with HttpOnly, SameSite=Lax attributes
- Network tab should show successful CORS preflight and actual request
- After callback navigation, check JSON response for hasCookie=true
- View backend logs below to see cookie validation process
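
The two steps and the checks listed in the tips, sketched as framework-free backend handlers (an added example, not the demo's own backend code). The handler names, the frontend origin https://www.a.de, and the Secure and Max-Age attributes are assumptions.

```javascript
// Added sketch, not the demo's backend. Assumption: the frontend origin is
// https://www.a.de (same site as api.a.de, different origin).
const FRONTEND_ORIGIN = "https://www.a.de";
const COOKIE_ATTRS = "Path=/; HttpOnly; Secure; SameSite=Lax"; // Secure is an addition here

// Step 1: response to the credentialed XHR (withCredentials = true) that starts the flow.
function handleInit(req, state) {
  if (req.headers.origin !== FRONTEND_ORIGIN) return { status: 403, headers: {}, body: "" };
  return {
    status: 204,
    headers: {
      // Credentialed CORS needs the exact origin; browsers reject "*" here.
      "Access-Control-Allow-Origin": FRONTEND_ORIGIN,
      "Access-Control-Allow-Credentials": "true",
      // Lax: sent on top-level GET navigations, withheld from cross-site subrequests.
      "Set-Cookie": `state=${state}; ${COOKIE_ATTRS}; Max-Age=600`,
    },
    body: "",
  };
}

// Parse a Cookie request header into a name -> value map.
function parseCookies(header = "") {
  const jar = Object.create(null);
  for (const part of header.split(";")) {
    const i = part.indexOf("=");
    if (i > 0) jar[part.slice(0, i).trim()] = part.slice(i + 1).trim();
  }
  return jar;
}

// Compare without exiting early on the first differing character.
function constantTimeEqual(a, b) {
  if (a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// Step 2: top-level navigation to the callback; the cookie must equal ?state=.
function handleCallback(req) {
  const cookie = parseCookies(req.headers.cookie).state;
  const query = new URL(req.url, "https://api.a.de").searchParams.get("state");
  const hasCookie = typeof cookie === "string" && cookie.length > 0;
  const stateMatches = hasCookie && query !== null && constantTimeEqual(cookie, query);
  // Clear the one-time state cookie whatever the outcome.
  const headers = { "Set-Cookie": `state=; ${COOKIE_ATTRS}; Max-Age=0` };
  return { status: stateMatches ? 200 : 400, headers, body: JSON.stringify({ hasCookie, stateMatches }) };
}
```

The state value is passed in by the caller; a real backend would generate it from a cryptographically secure random source for each flow.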
🍪 Backend Cookie Validation (Live)