<!-- Thanks for filing an issue on Apollo Client! Please make sure that you include the following information to ensure that your issue is actionable. If you don't follow the template, your issue may end up being closed without anyone looking at it carefully, because it is not actionable for us without the information in this template. **PLEASE NOTE:** Feature requests and non-bug related discussions are no longer managed in this repo. Feature requests should be opened in https://github.com/apollographql/apollo-feature-requests. --> **Intended outcome:** On my local environment everything works as expected. My cookie JWT is sent with every request to my apollo server. **Actual outcome:** But when I deploy to my development server things stop working. This is likely caused by CORS settings, but I could not find where I went wrong. **How to reproduce the issue:** Relevant client code: ``` const httpLink = createHttpLink({ uri: getEndpointUri(), credentials: 'include', fetch: !isBrowser ? fetch : undefined, }); ``` Relevant server code: ``` export function corsHandler() { const whitelist: string[] = process.env.DOMAIN_WHITELIST_CORS?.split(';') || []; const corsOptions: cors.CorsOptions = { origin: (origin, callback) => { if (!origin || process.env.CORS_OPTIONAL) { return callback(null, origin); } if (isInternalDeployment()) { return callback(null, origin); } if (whitelist.includes(origin)) { return callback(null, origin); } return callback(new ApolloError(`Url ${origin} Not allowed by CORS`)); }, credentials: true, }; return cors(corsOptions); } const app = express(); app.use(corsHandler()); const server = new ApolloServer({ typeDefs, resolvers, context, cache, introspection: process.env.DEPLOYMENT_ENV === 'development' || process.env.DEPLOYMENT_ENV === 'local' || process.env.DEPLOYMENT_ENV === 'test', apollo: { graphId: 'gv-academy', key: process.env.ENGINE_API_KEY, graphVariant: process.env.APOLLO_SCHEMA_TAG, }, dataSources, mocks: process.env.NODE_ENV === 'test', plugins, }); async function startServer() { try { await server.start(); server.applyMiddleware({ app, path: '/', cors: { origin: corsWhitelist, credentials: true, }, }); } catch (e) { // eslint-disable-next-line no-console console.error(e); process.exit(); } return server; } app.listen(port, async () => { await startServer(); // eslint-disable-next-line no-console console.log( `🛸 Server ready at http://localhost:${port}${server.graphqlPath}` ); }); ``` **Versions** Everything is running at the latest stable versions.