Renamed file to reflect actual purpose

public/lucidAuth.requestCookie.php

@@ -31,6 +31,8 @@
                     }))[0];
                     if (($cookieDomain && (is_null($httpOrigin) || $originDomain)) && setcookie('JWT', $queryString['token'], (time() + $settings->Session['Duration']), '/', '.' . $cookieDomain)) {
                         header("Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}");
+                        header('Access-Control-Allow-Credentials: true');
+                        header('Access-Control-Max-Age: 86400');
                         header("HTTP/1.1 202 Accepted");
                         exit;
                     }

public/misc/script.iframe.js

@@ -1,10 +0,0 @@
-$(document).ready(function(){
-    $.post("lucidAuth.setXDomainCookie.php", {
-        do: "login",
-        ref: $('#ref').val()
-    })
-    .done(function(data,_status) {
-        if (data.Result === 'Success') {
-        }
-    });
-});

public/misc/script.index.js

@@ -41,8 +41,11 @@ console.log('CrossDomainLogin initiated');
                         var XHR = [];
                         cookieDomains.forEach(function(domain) {
                             XHR.push($.get({
-                                url: "https://auth." + domain + "/lucidAuth.setXDomainCookie.php",
+                                url: "https://auth." + domain + "/lucidAuth.requestCookie.php",
                                 crossDomain: true,
+                                xhrFields: {
+                                    withCredentials: true,
+                                },
                                 data: {
                                     ref: btoa(JSON.stringify({
                                         action: 'login',