Client side cookie not being sent to server

System Information
  • Strapi Version: 3.6.2
  • Operating System: Ubuntu 20.04
  • Database: PostgreSQL
  • Node Version: 14.16.0
  • NPM Version: 7.12.0
  • Yarn Version: 1.22.10


My goal is to set a cookie (secure, samesite=“lax”) from a custom component in the admin panel so it is sent with every request to the strapi api via the content-manager. The cookie holds some admin user preferences that I would like to be read by a custom policy in the backend.

In my staging environment, where I serve both the strapi API and admin UI from the same domain (, I can do the above succesfully.

However in production, when I serve the strapi API at, and serve the Admin UI from netlify at the cookie is set but it isn’t sent with requests made via the content-manager. Also requests made via a local plugin using axios, send the cookie successfully.

I’ve set the cookie domain to “” and also tried “” but to no avail.

I’m using nginx as a reverse proxy in-front of the strapi app. Also, I’m using Cloudflare DNS to proxy my api server.

Does anyone have any idea what’s going on?

Here is my server.js in production:

module.exports = ({ env }) => ({
  host: env("HOST", ""),
  port:"PORT", 1337),
  proxy: true,
  url: env("API_URL", ""),
  admin: {
    auth: {
      secret: env("ADMIN_JWT_SECRET","53cr3t"),
    url: env("ADMIN_FRONTEND_URL", ""),
    serveAdminPanel: false,
    watchIgnoreFiles: ["**/todos/**"],
  cron: {
    enabled: true,

And here is my middleware.js:

module.exports = ({ env }) => ({
  settings: {
    cors: {
      origin: [
      headers: [
      credentials: true,
      expose: ["WWW-Authenticate", "Server-Authorization", "X-SLABS-LOCATIONS"],
    parser: {
      enabled: true,
      includeUnparsed: true,
    cache: {
      enabled: true,
      type: "redis",
      maxAge: 3600000,
      redisConfig: {
        host: env("REDIS_HOST", ""),
        port: env("REDIS_PORT", 6379),
      models: [
          model: "public/locations",
      enableEtagSupport: true,
      populateContext: true,
    "upload-plugin-cache": {
      enabled: true,
      maxAge: 86400000,
      dynamic: true,
      lruCache: {
        max: 1000,