I have two projects, both of them using Docker in local environment: frontend is :3000 and backend is (:443)

Backend has an API made with ApiPlatform, Lexik JWT and NelmioCors: everything is working and the /api/authentication returns 200 and sets and http-only cookie in the server.

When frontend tries to access to this endpoint, everything's fine and it receives the header set-cookie with JWTToken=xxxxx

I don't receive any message about cors problem, everything works fine and I get a 200 response in the frontend.

But browser doesn't store the cookie.

If I try the endpoint in the swagger page of ApiPlatform, works fine and the cookie is stored.

In NextJS I have written { withCredentials: true }, and I can see the logs in the backend with the access:

async function login() {
    console.log('Login');
    const email = process.env.NEXT_PUBLIC_API_EMAIL;
    const password = process.env.NEXT_PUBLIC_API_PASSWORD;
    await apiClient.post(`${process.env.NEXT_PUBLIC_API_URL}/authentication`, {
        email: email,
        password: password,
    });
}

Here you receive set-cookie header:

apiClient.interceptors.response.use(
    function (response) {
        console.log('Interceptor for response successful in ' + response.headers["set-cookie"]);
        return response;
    },........

NextJs access to the endpoint on the url https://container_service_name because I can't use there the domain name.

What am I fetting?