I have a PHP script running in domain B that generates some JS when called.
The idea is that on a given html page I can:
<script src="http://b.domain/myscript.php"></script>
Therefore, when the page loads, the script is called and JS is created and launched on the local page.
The problem is that myscript.php depends on domain B cookies. If I find http: //b.domain/myscript.php in my address bar, the script works fine and I see JS text in the browser window.
But when I include the quoted line above on a web page running on another web server, name it A, it does not work. JS is still generated, but incorrect, since none of the cookies are available for the script.
So, in short, access to the script directly, cookies are available, everything is fine. Access the script by calling from a page served from another domain and it does not have access to cookies.
I don’t understand why, in a script call running in domain B, the browser does not seem to send cookies B?
source
share