Jack Spiva

Would this work in the reverse situation? Where the Rails app is on a subdomain and the primary domain is pointing to a frontend app?

Would this work for authenticating from non Rails app on a subdomain? For example if we have a Rails app hosted at foo.com, and then a Next.js app on bar.foo.com, could the Rails app authenticate API requests coming from bar.foo.com using the session cookie?