Cors does not work on localhost. Why does my http://localhost CORS origin not work?
Cors requires special settings on fetch, so that cookies are allowed. Set cookies for cross origin requests
Cors allows only some headers to be read. Reading response headers with Fetch API
So for locale development it is strongly advised to use a reverse proxy with https enabled. Then you have to set in the cors settings:
app.use('*', cors({
origin: 'https://your-reverse-proxy-domain.com',
allowHeaders: ['Set-Cookie'],
exposeHeaders: ['Set-Cookie'],
credentials: true,
}));
Then in your fetch you need to add
const res = await fetch('https://your-api-domain.com', {
method: 'POST',
credentials: 'include',
});
And in the cookie you need
setCookie(c, 'cookie_name', 'payload', {
sameSite: 'None',
secure: true,
httpOnly: true,
});
And then you should test with different browsers.