I have a Angular application as the frontend and a NestJS app as my API.I'm using Supabase and @supabase/ssr to handle the auth flow. The auth flow is the following:
I sign the user in via the provided createBrowserClient by @supabase/ssr. It automatically sets a cookie after successfully authenticating. After that I do my API calls as usual.
On localhost this works fine, the Authorization header and the Cookie header is being sent as you can see here:
Now, as I tried to do a cross-origin request by tunneling my backend via CloudFlare tunnels, the Cookie is not being sent anymore as you can see here:
This is the cookie.
As you can see here, it is Secure and SameSite is set to None. I've read so many threads and forums and everybody suggested that this would help. It didn't help me. Also on my NestJS app I already set app.use('trust proxy', 1). Also didn't help.
What can I try next?