I am trying to set a cookie which has my auth token in it. I can see it being returned in the response header set-cookie: xxxxxx but for whatever reason, the browser is not storing the cookie.

On my react front end http://app1.dev:3001 I am making an POST api call as such:

return axios.get(

  `${apiUrl}/info`,

  { withCredentials: true }

)

.then(res => res.data)

.catch(console.error)

And I have a simple Koa server running on http://localhost:3000

const Koa = require(koa)

const Router = require(koa-router)

const bodyParser = require(koa-bodyparser)

const cors = require(@koa/cors)

const axios = require(axios)

const env = require(./env)

const KeyGrip = require(keygrip)



const app = new Koa()

const router = new Router()

const port = env(port)



const keyList = [xxxxxxx,]

app.keys = new KeyGrip(keyList, sha256)



router.get(/info, ctx => {

  console.log('req', ctx.req)

  ctx.cookies.set(token, test_token, { signed: true, httpOnly: true })

  ctx.body = { ok: true }

})



const corsOptions = {

  origin: ctx => ctx.request.header.origin,

  credentials: true

}



app

  .use(cors(corsOptions))

  .use(bodyParser())

  .use(router.routes())

  .use(router.allowedMethods())



app.listen(port, () => console.info(`Listening on port ${port}`))

I suspect it is not being set because it is cross domain. when I use http://localhost:3001 for my front end the cookie gets set fine.

Why are the cookies not being set in browser? Any help would be greatly appreciated.