fetch sets same-origin cookie locally but same code doesn’t set cookie when deployed
I’m tearing my hair out. Please help! I have a user interface SPA app which is the front end of an identity application. The application has a login API which sets an auth cookie. The SPA posts login credentials to a login API endpoint using a `fetch` function that has `credentials: "include"` because it expects a `Set-Cookie` header containing a session cookie in the response. It then redirects the browser to a callback endpoint on the same domain as the API which requires the session cookie in the payload.