How to forward browser cookies & CSRF token into n8n Webhook node for authenticated API calls?

I’m building an n8n chatbot workflow where I need to call our internal energy APIs that require two auth values from the browser request:
the session cookie (access_token) and
x-csrf-token.
These values are present in the browser request headers when the user is logged into our main app. I need to capture them in my frontend and forward them to n8n, so that n8n can use those same headers in its HTTP Request nodes to call the downstream protected API.
But when I send the request:

axios.post("http://localhost:5678/webhook/energy-chat-bot", body, {
  headers: { "Content-Type": "application/json" },
  withCredentials: true
});

the browser throws a CORS error, and n8n does not receive any cookies.

I’m looking for guidance on:

  1. How to properly allow cookies + custom headers (CSRF token) in n8n webhook CORS settings

  2. How to safely capture these values in the webhook and forward them into the HTTP Request node

  3. Whether n8n webhooks are expected to accept cookies in cross-origin POSTs with withCredentials

Essentially: Frontend → n8n Webhook → Internal API, with cookies + CSRF token preserved, but CORS currently blocks it.

Hey @Tejas_B_R ! Welcome to n8n!

  1. n8n Environment: Set ENV VARs N8N_SAMESITE_COOKIE=none, N8N_SECURE_COOKIE=true (requires HTTPS), OR

  2. Reverse Proxy: Set CORS Headers Access-Control-Allow-Origin: <SPECIFIC_URL>, Access-Control-Allow-Credentials: true, and list custom headers like X-CSRF-Token (if you use a proxy).

  3. Browser: Set Request Flag. Use withCredentials: true or credentials: 'include'.

  4. n8n Workflow: Map Data. Inspect the Webhook output. Map cookies/tokens using expressions like {{ $json.headers['cookie'] }} into the subsequent HTTP Request node's Headers.
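
An added example, not part of either post and not n8n's own code: the preflight decision a reverse proxy in front of the webhook has to make for a credentialed POST, plus a helper that forwards only the `access_token` cookie and `x-csrf-token` downstream instead of the whole cookie jar. The origin `https://app.example.com` and all function names are assumptions made for illustration.

```javascript
// Added example. ALLOWED_ORIGINS is a constructed value; replace with the real front-end origin.
const ALLOWED_ORIGINS = new Set(["https://app.example.com"]);
const ALLOWED_HEADERS = ["content-type", "x-csrf-token"];

// CORS response headers for an allowlisted origin, or null (send no CORS headers).
function corsHeadersFor(origin) {
  if (!origin || !ALLOWED_ORIGINS.has(origin)) return null;
  return {
    // With credentials the browser rejects "*": the exact origin must be echoed.
    "Access-Control-Allow-Origin": origin,
    "Access-Control-Allow-Credentials": "true",
    "Access-Control-Allow-Methods": "POST, OPTIONS",
    "Access-Control-Allow-Headers": ALLOWED_HEADERS.join(", "),
    "Vary": "Origin", // keep caches from reusing one origin's answer for another
  };
}

// Answer the OPTIONS preflight the browser sends before a credentialed JSON POST.
function handlePreflight(req) {
  const cors = corsHeadersFor(req.headers["origin"]);
  if (!cors) return { status: 403, headers: {} };
  const asked = (req.headers["access-control-request-headers"] || "")
    .split(",").map((h) => h.trim().toLowerCase()).filter(Boolean);
  const ok = asked.every((h) => ALLOWED_HEADERS.includes(h));
  return ok ? { status: 204, headers: cors } : { status: 403, headers: {} };
}

// Pick one named cookie out of a Cookie header value.
function pickCookie(cookieHeader, name) {
  for (const part of (cookieHeader || "").split(";")) {
    const idx = part.indexOf("=");
    if (idx > 0 && part.slice(0, idx).trim() === name) return part.slice(idx + 1).trim();
  }
  return null;
}

// Headers for the downstream API call: the session cookie and CSRF token only.
function downstreamHeaders(webhookHeaders) {
  const token = pickCookie(webhookHeaders["cookie"], "access_token");
  const csrf = webhookHeaders["x-csrf-token"];
  if (!token || !csrf) throw new Error("missing access_token cookie or x-csrf-token");
  return { Cookie: `access_token=${token}`, "x-csrf-token": csrf };
}
```

The browser only attaches cookies scoped to the webhook's own host, so `access_token` reaches the webhook only if the cookie's domain covers that host.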