Right you are… there were CORS headers in my Caddyfile!
So now I no longer have CORS errors. However…
-
I’m still faced with the problem that the PHP session cookie is not being stored by the browser.
-
I thought I’d try it on Firefox but despite what it says here: Generate certificate for local development - #2 by francislavoie, Firefox does not recognise the certificate (although Chrome and Safari) do.