synapse-admin/docs/cors-credentials.md

CORS Credentials

If you'd like to use cookie-based authentication (for example, ForwardAuth with Authelia), you can configure the corsCredentials option in the config.json file or in the /.well-known/matrix/client file.

Configuration

Documentation on MDN

The corsCredentials option accepts the following values:

• same-origin (default): Cookies will be sent only if the request is made from the same origin as the server.
• include: Cookies will be sent regardless of the origin of the request.
• omit: Cookies will not be sent with the request.

Configuration options

config.json

{
  "corsCredentials": "include"
}

/.well-known/matrix/client

{
  "cc.etke.synapse-admin": {
    "corsCredentials": "include"
  }
}