Depends_on changelog

Pomerium now supports Additional Login Redirect Hosts to solve cross-origin authentication challenges in modern web applications. Cross-origin fetch requests often fail if the browser hasn't set a session cookie for the target domain—especially during the initial login flow. This new feature ensures seamless authentication across multiple domains.

Highlights:

Pre-established sessions – By specifying other routes a route depends on, Pomerium performs additional logins during authentication to set session cookies across up to five domains. No more broken fetch calls or manual visits to subdomain APIs.

Invisible to users – The dependency chain executes during the OAuth flow with seamless redirects. Users experience a single login that authenticates them across all necessary domains automatically.

No CORS workarounds – Eliminates the need for proxying API calls through the primary domain or requiring users to manually hit multiple subdomains. Cross-origin requests just work once the session is established.

Route-level control – Define authentication dependencies at the route level using the new pomerium_additional_hosts query parameter. Perfect for frontend/backend splits and multi-subdomain architectures.

See the docs for more information on configuring cross-origin authentication dependencies!