Cross-domain Cookies in JavaScript deployments
If you are using cross-domain cookies in a JavaScript deployment, the cookies cannot be set because the domain for the cookies does not match the Origin.
There are two approaches that can be used to mitigate cross-domain issues, as follows:
- Use the standard Zephr process, which must be repeated before going live
- Use the optimised process, which does not need to be repeated. However, a proxy rule might need to be implemented on the server to change the Origin domain to the actual API endpoint and preserve the path used in Zephr
Standard Process
To mitigate these issues using the standard process, complete the following steps:
- Use the explicit
cdnAPIendpoint configuration from the JavaScriptrun()method - Add a <subdomain>.cdn.<server>.com subdomain
For example, if using Arc XP, you could add a subdomain called latestnews.cdn.arcpublishing.com - Add the subdomain as an extra site domain in the Admin Console
For further information on adding an extra site domain, see the Go-live Guide topic. - Configure a CNAME record for the domain, which points to the Zephr API endpoint, {yoursite}.cdn.zephr.com
For example, for the site named above, you would configure the CNAME record as follows:latestnews.cdn.arcpublishing.com canonical name = latestnews.cdn.zehr.com
Note: When repeating this process before going live, you must add another production subdomain. For example, latestnews.newspaper.com.
Optimised Process
To mitigate these issues using the optimised process, complete the following steps:
- Remove the explicit
cdnAPIendpoint configuration from the JavaScriptrun()methodThis means that API calls are made using the Origin as a destination, as shown in the following example Request URLs:
- The requests are received by the server and a proxy rule applied
The configured proxy rule changes the Origin to the actual API endpoint and path used in Zephr, as shown in the following example Request URLs: