Do I need to set credentials: include? If yes, how?

[yaohongkok]

I have a Collector running on b.example.com. I have turned on CORS on my Collector and I have a custom authenticator that reads cookie from the request headers.

I have a frontend JS app running on a.example.com. It uses OpenTelemetry JS to send observability data (logs, metrics or traces) to the collector via b.example.com. I have an authentication token (Same Site: None & Secure) that lives in a.example.com. This cookie is valid for .example.com.

When I sent my observability data using OpenTelemetry JS to the collector (b.example.com), all of my cookies on a.example.com are not being attached to the request by the browser. Various resources cited the need to use 'credentials: include' in the fetch or XMLHttpRequest.

Looking at this source code, it does not seem like there is an easy to include the option 'credentials: include' into the OTLP Exporters (in OTel JS). Can someone tell me how this can be done using OTel JS?

If I am missing something, please let me know as well.