Cross-Site Cookie/CORS Mismatch

A recurring cross-site integration shape where mismatched protocol/origin settings cause cookies or preflight responses to be rejected (SameSite not None+Secure, missing Access-Control-Allow-Origin), leading to frontend fetch failures after deployment.