My Clojure back end is running on port 3000. The Svelte front end is running on port 5000. Both are running on localhost.
When I use ring.middleware.session.cookie's cookie-store function, everything works fine from webpages served from port 3000: the session cookie is delivered, the back end is able to read data from it, etc. However, when the back end receives requests from port 5000, the cookie is not set.
The :same-site attribute of the cookie that I'm trying to deliver is set to :lax. I have tried setting it to :nil and :none, but the site crashes because of an assertion error when the site tries to deliver the cookie.
The handler looks roughly like this:

    (defn wrap-nocache [handler]
      (fn [request]
        (-> request
            handler
            (assoc-in [:headers "Pragma"] "no-cache"))))

    (defn wrap-cors-header [handler]
      (fn [request]
        (-> request
            handler
            (assoc-in [:headers "Access-Control-Allow-Credentials"] "*")
            (assoc-in [:headers "Access-Control-Allow-Origin"] "*")
            (assoc-in [:headers "Access-Control-Allow-Headers"] "*"))))

    (defn wrap-formats [handler]
      (-> handler
          (muuntaja/wrap-format)))

    (defn wrap-base
      "This function takes care of all of the middleware."
      [handler]
      (-> handler
          wrap-nocache
          wrap-cors-header
          (wrap-defaults (-> site-defaults
                             (assoc-in [:security :anti-forgery] false)
                             (assoc-in [:session :store] (cookie-store
                                                          {:key my-secret-cookie-key}))
                             (assoc-in [:session :cookie-attrs :path] "/")
                             (assoc-in [:session :cookie-attrs :same-site] :lax)
                             (assoc-in [:session :cookie-name] "my-site-sessions")))
          wrap-formats
          wrap-reload))

The registration route calls a function that looks roughly like this:

    (defn register!
      [request-map]
      (let [{:keys [username email password password-check]} (:body-params request-map)]
        (let [validation-result (validate-initial-login mydb username email password password-check)]
          (if (:valid validation-result)
            (do (let [new-player (db/create-player! mydb username email password)
                      email-verification (mail/send-verification-email mydb (:players/id new-player) site-top-level-uri)]
                  (-> (json-response (assoc validation-result :valid (map? new-player)))
                      (assoc-in [:session :logged-in] true)
                      (assoc-in [:session :player-id] (:players/id new-player)))))
            (-> (json-response validation-result)
                (assoc-in [:session :logged-in] false))))))

The JSON response from the latter function is fine. The email validation and the DB parts work fine. The only issue is that the cookie is not delivered when the front end tries to register the player for the first time.
One possible end-run around this problem is to use the Clojure back end to serve up all of the Svelte front end files so everything will be on the same port. But we would rather not have all of the front end static files be delivered by the same program that will be doing all of the back end work. Is there any reasonable way for us to avoid this?
Thank you for your assistance.
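
An added example, not part of the original post: browsers refuse to store or send cookies on a cross-origin request when Access-Control-Allow-Origin is "*" or Access-Control-Allow-Credentials is anything other than the literal "true", so a credentialed CORS middleware has to echo an allowlisted origin instead. The names allowed-origins and wrap-cors-allowlist are hypothetical, and the allowlist assumes the front end is served from http://localhost:5000 as described above.

```clojure
(ns example.cors)

;; Assumption: the only origin that may make credentialed requests.
(def allowed-origins #{"http://localhost:5000"})

(defn- cors-headers
  "Headers for a credentialed cross-origin response. The origin is echoed
  back explicitly because `*` is rejected when credentials are included."
  [origin]
  {"Access-Control-Allow-Origin"      origin
   "Access-Control-Allow-Credentials" "true"
   "Access-Control-Allow-Headers"     "Content-Type"
   "Access-Control-Allow-Methods"     "GET, POST, OPTIONS"
   ;; The response differs per Origin, so caches must key on it.
   "Vary"                             "Origin"})

(defn wrap-cors-allowlist [handler]
  (fn [request]
    ;; Ring lower-cases request header names.
    (let [origin   (get-in request [:headers "origin"])
          allowed? (contains? allowed-origins origin)]
      (cond
        ;; Preflight: answer directly, without invoking the routes.
        (and allowed? (= :options (:request-method request)))
        {:status 204 :headers (cors-headers origin) :body ""}

        ;; Allowlisted origin: add the CORS headers to the real response.
        allowed?
        (update (handler request) :headers merge (cors-headers origin))

        ;; Unknown or absent Origin: no CORS headers are added at all.
        :else
        (handler request)))))

;; Constructed check with a stub handler that sets a session cookie.
(comment
  (let [app (wrap-cors-allowlist
             (fn [_] {:status  200
                      :headers {"Set-Cookie" "my-site-sessions=constructed"}
                      :body    "{}"}))]
    ;; Gets the echoed origin plus Access-Control-Allow-Credentials "true".
    (app {:request-method :post :headers {"origin" "http://localhost:5000"}})
    ;; Gets no Access-Control-* headers.
    (app {:request-method :post :headers {"origin" "http://other.example"}})))
```

The client side also has to opt in, for example fetch(url, {credentials: "include"}); with the default credentials mode the browser ignores Set-Cookie on a cross-origin response.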