Maybe, can you explain what you trying to achieve? To avoid leagal issues?

I don't know, maybe my whole idea is wrong. I have a backend (localhost:8000) and NextJS instance (localhost:3000). My api endpoints set some cookies, like auth. But the only client that fetches data from the API is frontend! It works like this: Client -> Frontend -> Backend. So my API sets for example auth cookie not for the user it meant, but for my frontend instance. Am I wrong?

As far as your Client and Frontend (probably SSR, or server actions) on the same domain, the cookies should be available for both of them

So you say that the Client, which requested the page from frontend, would get all the cookies, while frontend not?

I'm talking about SSR and cases where backend data is needed for initial rendering of the page

Then backend would treat localhost:3000 as client and will send all the cookies to it

Am I wrong?

I see what you mean, you can just forward them in this case.

@darten is this a django api? Just guessing as you said port 8000

Probably next.js folks can clarify this topic much better, but rpc client should do it automatically.

Wrong : )

It's complex. I'm a beginner to frontend at all

I think in terms of backend

And I don't know how to actually "forward"

And most importantly, how to "forward" from client to api

Do you encouraging issue or you asking in case you not get the cookies?

I'm asking because I understand where the request is coming from (I can see the origin), and I understand that I send response during SSR, and that I send it along with cookies, to frontend server. I think the situation here is obvious. I don't really know how to solve it

I am more concerned about actually getting them from client ant giving to API, not from API to client (as you said, simply forward)

Im not using next.js that much to say for sure, but from the idea it should forward automatically, so you might be not including in fetch or something like that.

When submitting a fetch request, I just pass in the following:

fetch(input, {
        ...init,
        headers,
        credentials: "include", // Ensure cookies are sent
    });

So it is required to do this?

exactly, if ssr don't know to forward that bad news.

And to forward to client?

(Using SSR)

My auth won't work without it, the session cookie won't get sent or received

And how to set it to client?

Thats it, its auto there in dev tools with that set.

So i just have a wrapper round fetch that always sends it with it. And everything just works.

yes, or use axios it should do it out of the box

Forwarding to and from?

So this is a solution?