Zephr User Guide

Cross-domain Cookies in JavaScript Deployments

8 views 0

If you are using cross-domain cookies in a JavaScript deployment, the cookies cannot be set because the domain for the cookies does not match the Origin.

There are two approaches that can be used to mitigate cross-domain issues, as follows:

  • Use the standard Zephr process, which must be repeated before going live
  • Use the optimised process, which does not need to be repeated. However, a proxy rule might need to be implemented on the server to change the Origin domain to the actual API endpoint and preserve the path used in Zephr

Standard Process

To mitigate these issues using the standard process, complete the following steps:

  1. Use the explicit cdnAPI endpoint configuration from the JavaScript run() method
  2. Add a .cdn..com subdomain

    For example, if using Arc XP, you could add a subdomain called latestnews.cdn.arcpublishing.com
  3. Add the subdomain as an extra site domain in the Admin Console

    For further information on adding an extra site domain, see the Go-live Guide topic.
  4. Configure a CNAME record for the domain, which points to the Zephr API endpoint, {yoursite}.cdn.zephr.com

    For example, for the site named above, you would configure the CNAME record as follows:

    latestnews.cdn.arcpublishing.com canonical name = latestnews.cdn.zehr.com
    

Note: When repeating this process before going live, you must add another production subdomain. For example, latestnews.newspaper.com.

Optimised Process

To mitigate these issues using the optimised process, complete the following steps:

  1. Remove the explicit cdnAPI endpoint configuration from the JavaScript run() method

    This means that API calls are made using the Origin as a destination, as shown in the following example Request URLs:

    • https://latestnews.cdn.arcpublishing.com/zephr/feature
    • https://latestnews.cdn.arcpublishing.com/zephr/feature-decisions
  2. The requests are received by the server and a proxy rule applied

    The configured proxy rule changes the Origin to the actual API endpoint and path used in Zephr, as shown in the following example Request URLs:

    • https://latestnews.cdn.zephr.com/zephr/feature
    • https://latestnews.cdn.zephr.com/zephr/feature-decisions