I have this setting:
- HTML page at https://foo.bar.example.com
- with a cookie for the domain .example.com
- with a JavaScript doing an AJAX GET to retrieve a JSON from https://baz.example.com

Specifically, I'm using jQuery and doing a $.ajax("https://baz.example.com/.../resource.json")

I expected the AJAX call to send the cookie to the server, but nothing is sent. If I add the option xhrFields: { withCredentials: true } to the jQuery method I successfully see the cookie sent, but I was expecting that this was not necessary.
Why is foo.bar.example.com a different domain from baz.example.com?

Why isn't the cookie shared? If I do a "manual" GET opening the JSON URL with the browser from a different tab I see the cookie is sent.
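
The two checks involved in the setup above, modelled as an added example that is not part of the original post: the cookie's Domain attribute is matched by suffix, while XHR compares whole origins (scheme, host, port) and omits credentials on cross-origin requests unless withCredentials is set. All function names are hypothetical helpers; the model ignores the cookie's Path, Secure and SameSite attributes.

```javascript
// Added example; helper names are hypothetical, URLs are the ones from the post.
const PAGE = "https://foo.bar.example.com/";
const API = "https://baz.example.com/.../resource.json";

// XHR/fetch compare origins: scheme + host + port must all be equal.
function sameOrigin(a, b) {
  const x = new URL(a), y = new URL(b);
  return x.protocol === y.protocol && x.hostname === y.hostname && x.port === y.port;
}

// RFC 6265 domain-match: the host equals the cookie domain or is a subdomain of it.
function cookieDomainMatches(host, cookieDomain) {
  const d = cookieDomain.replace(/^\./, "").toLowerCase();
  const h = host.toLowerCase();
  return h === d || h.endsWith("." + d);
}

// Top-level navigation (typing the URL in a tab): only the cookie scope matters.
function navigationSendsCookie(targetUrl, cookieDomain) {
  return cookieDomainMatches(new URL(targetUrl).hostname, cookieDomain);
}

// XHR: the cookie must be in scope AND the request must carry credentials.
// Same-origin requests always do; cross-origin ones only with withCredentials.
function xhrSendsCookie(pageUrl, targetUrl, cookieDomain, withCredentials) {
  if (!navigationSendsCookie(targetUrl, cookieDomain)) return false;
  return sameOrigin(pageUrl, targetUrl) || withCredentials === true;
}

// Server side: a credentialed cross-origin response is only exposed to the page
// if it echoes the exact origin (no "*") and allows credentials explicitly.
function corsResponseReadable(pageUrl, responseHeaders, withCredentials) {
  const origin = new URL(pageUrl).origin;
  const allow = responseHeaders["access-control-allow-origin"];
  if (!withCredentials) return allow === "*" || allow === origin;
  return allow === origin &&
    responseHeaders["access-control-allow-credentials"] === "true";
}

console.log("same origin:", sameOrigin(PAGE, API));
console.log("tab navigation sends cookie:", navigationSendsCookie(API, ".example.com"));
console.log("XHR, default:", xhrSendsCookie(PAGE, API, ".example.com", false));
console.log("XHR, withCredentials:", xhrSendsCookie(PAGE, API, ".example.com", true));
```

With withCredentials enabled, the server at baz.example.com has to answer with `Access-Control-Allow-Origin: https://foo.bar.example.com` and `Access-Control-Allow-Credentials: true`, which is what `corsResponseReadable` checks.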