Cookies in iframe of Apps are showing up in zendesk.com

i have setup a localhost server of my app running on https://localhost:3000,

I have a localhost app for Zendesk which is running on https://localhost:4567(running using

zcli apps:server) and in my manifest the landing page URL is pointing to localhost:3000. 

//Manifest file, only pasting the location property.

"location": {
     "support": {
         "ticket_sidebar": {
             "url": "http://localhost:3000",
             "flexible": true,
             "size" : {
                        "height": "420px"
                  }
            }
    }
}

The issue is after authentication i am setting my auth token in the cookies, which is used to authenticate all the apis, but when i open the DevTools to see the cookies i am seeing that the cookies for my application(localhost:3000) is coming under the *.zendesk.com which is not expected. due to this my authentication is not working.

I wanted to understand how can cookies from different origin(localhost:3000) be present in another origin(*.zendesk.com)(localhost:3000 is opened in an iframe which is present in *.zendesk.com) , my apis are not able to get the token as there is none present in the cookies of localhost:3000.


Is this due to the fact that my ZAF app is also running on localhost:4567, even then the origin is different due to difference in port no., in any of the case the cookies should not reflect under *.zendesk.com.