why my cookies is passed to server?

#software-engineering this is my astro api end point ```js import type { APIRoute } from "astro"; import { decode } from "@/utils/encode"; export const GET: APIRoute = ({ request, cookies }) => { // check the cookies of the auth to see if the user is authenticated // console.log(request); console.log(cookies); const session = cookies.get("_session", { decode }); console.log(session); return new Response("Hello, world!"); }; export const POST: APIRoute = GET; ``` this is my frontend ```html <form action="/api/tracking-record" method="POST"> <Button type="submit">Export</Button> </form> ``` I cannot get the cookies. It seems like the cookies is not pass to the request by default... is that true that I need to inject the cookies every time? ## Answer In server-side frameworks, including those used with Astro, the handling of cookies in API requests can vary based on the configuration and the nature of the request. When a browser sends an HTTP request as a result of a form submission (like your POST request from the form), it should automatically include cookies that are set for the domain. However, there are several factors that can affect this: 1. **Same-Origin Policy**: Browsers enforce same-origin policy. If your API endpoint is on a different domain or subdomain than your frontend, cookies may not be automatically sent. 2. **Cookie Attributes**: Attributes of the cookie, such as `HttpOnly`, `Secure`, and `SameSite`, can affect whether the cookie is included in requests. For example, cookies with `SameSite=Lax` or `SameSite=Strict` will not be sent with cross-site requests. 3. **Cookie Path**: If the path attribute of the cookie is set to something other than the root (`/`), it will be sent only on requests to URLs that match that path. 4. **HTTP vs HTTPS**: If your cookie is set with the `Secure` attribute, it will only be included in requests over HTTPS. 5. **Client-Side JavaScript**: If you're making requests via JavaScript (like using `fetch` or `XMLHttpRequest`), you need to explicitly set the `credentials` option to `include` to send cookies. Since you're using a standard form submission, if your frontend and API endpoint are on the same domain, and assuming the cookies are set for that domain with the correct path, the cookies should be automatically included in the request. If you find that cookies are not being sent, check the cookie attributes and the request's origin. Additionally, ensure that your server-side code is correctly configured to read cookies from incoming requests. If you're still facing issues, it might be necessary to investigate the specific configuration of your Astro project, the way cookies are set, and the network requests (you can check these in the browser's developer tools under the Network tab). > [!tip] > Turns out I forget to export the `prerender: false` flag in the api route and therefore I cannot receive the request object.