Cookie set on root domain not available to subdomain - what am I doing wrong?

Question

Client hosted on subdomain.example.com makes api call to example.com to fetch a cookie. The response has a Set-cookie header and I see the cookie as being returned alright:

However, I don't see the cookie saved in the Browser (Chrome, Firefox, Edge) and, as a result, is not sent as a header in subsquent API requests:

Set-cookie domain attribute is set to .example.com, but as I read in MDN I think the trailing dot gets ignored.

The cookie in question, by the way, is the csrf token secret set by the csurf library.

What am I doing wrong? I have been troubleshooting for 3 evenings now, I don't have a clue yet. seems to be same question as [0] but that one is unanswered. Thanks!

[0] Set cookie from subdomain to root domain and all subdomains

Answer 1

Clearly I didn't have a good enough understanding of cors - [0] put me on the right track. It was due to not doing doing the AJAX request with withCredentials client side and credentials: true because I am setting an origin since server in example.com in not the same as subdomain.example.com. Hope it is helpful

[0] https://stackoverflow.com/a/60142012/3630417