public/lucidAuth.setXDomainCookie.php

@@ -31,8 +31,6 @@
                     }))[0];
                     if (($cookieDomain && (is_null($httpOrigin) || $originDomain)) && setcookie('JWT', $queryString['token'], (time() + $settings->Session['Duration']), '/', '.' . $cookieDomain)) {
                         header("Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}");
-                        header('Access-Control-Allow-Credentials: true');
-                        header('Access-Control-Max-Age: 86400');
                         header("HTTP/1.1 202 Accepted");
                         exit;
                     }

public/misc/script.iframe.js

@@ -0,0 +1,10 @@
+$(document).ready(function(){
+    $.post("lucidAuth.setXDomainCookie.php", {
+        do: "login",
+        ref: $('#ref').val()
+    })
+    .done(function(data,_status) {
+        if (data.Result === 'Success') {
+        }
+    });
+});

public/misc/script.index.js

@@ -41,11 +41,8 @@ console.log('CrossDomainLogin initiated');
                         var XHR = [];
                         cookieDomains.forEach(function(domain) {
                             XHR.push($.get({
-                                url: "https://auth." + domain + "/lucidAuth.requestCookie.php",
+                                url: "https://auth." + domain + "/lucidAuth.setXDomainCookie.php",
                                 crossDomain: true,
-                                xhrFields: {
-                                    withCredentials: true,
-                                },
                                 data: {
                                     ref: btoa(JSON.stringify({
                                         action: 'login',