When being in a CORS environment and receiving Cookies by headers in order to be able to send them back in following request the setCredentials flag has to be set on true, see explanation here :

https://developer.mozilla.org/en-US/docs/HTTP/Access_control_CORS?redirectlocale=en-US&redirectslug=HTTP_access_control#Requests_with_credentials

A concrete use case, is using a JEE decured backend using a JSESSIONID, if the client App is using cross site XMLHttpReques invocations, by default the cookie won't be part of the request.

By extending the available options that we pass to a Pipe or Auth in ag.js, for instance xhrFields:

, we cover this situation.