diff --git a/package-lock.json b/package-lock.json
index 767b828e1..71f507400 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -16832,6 +16832,11 @@
 "resolved": "https://registry.npmjs.org/pseudomap/-/pseudomap-1.0.2.tgz",
 "integrity": "sha1-8FKijacOYYkX7wqKw0wa5aaChrM="
 },
+ "psl": {
+ "version": "1.8.0",
+ "resolved": "https://registry.npmjs.org/psl/-/psl-1.8.0.tgz",
+ "integrity": "sha512-RIdOzyoavK+hA18OGGWDqUTsCLhtA7IcZ/6NCs4fFJaHBDab+pDDmDIByWFRQJq2Cd7r1OoQxBGKOaztq+hjIQ=="
+ },
 "pstree.remy": {
 "version": "1.1.8",
 "resolved": "https://registry.npmjs.org/pstree.remy/-/pstree.remy-1.1.8.tgz",
diff --git a/package.json b/package.json
index c69f910c9..1a66d717d 100644
--- a/package.json
+++ b/package.json
@@ -42,6 +42,7 @@
 "@extensionengine/tce-scorm": "github:ExtensionEngine/tce-scorm#85d39a8d73f303f",
 "@mdi/font": "^4.8.95",
 "@ungap/global-this": "^0.4.0",
+ "JSONStream": "^1.3.5",
 "auto-bind": "^3.0.0",
 "aws-sdk": "^2.814.0",
 "axios": "^0.21.1",
@@ -95,7 +96,6 @@
 "is-url": "^1.2.2",
 "joycon": "^2.2.5",
 "jquery": "^3.5.0",
- "JSONStream": "^1.3.5",
 "jsonwebtoken": "^8.0.0",
 "jszip": "^3.2.2",
 "listr": "^0.14.3",
@@ -125,6 +125,7 @@
 "plyrue": "^2.1.4",
 "poi-preset-sass-resources": "^4.1.0",
 "promise-queue": "^2.2.3",
+ "psl": "^1.8.0",
 "randomstring": "^1.1.5",
 "read-pkg-up": "^7.0.0",
 "regenerator-runtime": "^0.13.3",
diff --git a/server/shared/storage/proxy/index.js b/server/shared/storage/proxy/index.js
index 652815d32..a42594d84 100644
--- a/server/shared/storage/proxy/index.js
+++ b/server/shared/storage/proxy/index.js
@@ -22,6 +22,10 @@ class Proxy {
 return this.provider.isSelfHosted;
 }
+ get host() {
+ return this.provider.host;
+ }
+
 get path() {
 return this.isSelfHosted && this.provider.path;
 }
diff --git a/server/shared/storage/proxy/mw.js b/server/shared/storage/proxy/mw.js
index ca46aaca3..5b43bad14 100644
--- a/server/shared/storage/proxy/mw.js
+++ b/server/shared/storage/proxy/mw.js
@@ -1,9 +1,11 @@
 'use strict';
+const config = require('../../../../config/server');
 const { FORBIDDEN } = require('http-status-codes');
 const miss = require('mississippi');
 const path = require('path');
 const router = require('express').Router();
+const psl = require('psl');
 module.exports = (storage, proxy) => {
 function getFile(req, res, next) {
@@ -22,8 +24,10 @@ module.exports = (storage, proxy) => {
 if (proxy.hasCookies(req.cookies, repositoryId)) return next();
 const maxAge = 1000 * 60 * 60; // 1 hour in ms
 const cookies = proxy.getSignedCookies(repositoryId, maxAge);
+ const { domain } = psl.parse(config.hostname);
+ const cookieOptions = { domain, maxAge, httpOnly: true };
 Object.entries(cookies).forEach(([cookie, value]) => {
- res.cookie(cookie, value, { maxAge, httpOnly: true });
+ res.cookie(cookie, value, cookieOptions);
 });
 next();
 }
diff --git a/server/shared/storage/proxy/providers/local.js b/server/shared/storage/proxy/providers/local.js
index 0086993c1..e0e74cd02 100644
--- a/server/shared/storage/proxy/providers/local.js
+++ b/server/shared/storage/proxy/providers/local.js
@@ -24,6 +24,7 @@ class Local {
 this.signer = new NodeRSA(config.privateKey, 'private');
 this.isSelfHosted = true;
 this.path = PROXY_PATH;
+ this.host = urlJoin(origin, this.path);
 }
 static create(config) {
@@ -53,7 +54,7 @@ class Local {
 }
 getFileUrl(key) {
- return urlJoin(origin, this.path, key);
+ return urlJoin(this.host, key);
 }
 getCookieNames() {
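Review bot: The new `domain` option on `cookieOptions` widens the signed storage cookies from host-only to the whole registrable domain of `config.hostname`, so every sibling subdomain will receive them, while the options still set neither `secure` nor `sameSite`. Assuming the deployment is served over HTTPS, I would write `const cookieOptions = { domain, maxAge, httpOnly: true, secure: true, sameSite: 'lax' };` and put a one-line comment above it saying why the wider scope is needed. `psl.parse` also does not always yield a usable `domain`: for a single-label name such as `localhost` it is `null`, and on a validation error the result carries `error` instead, so the cookie quietly stays host-only there; as far as I can tell an IP-address hostname is not special-cased either, which is worth checking. The enclosing middleware function starts above the hunk.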
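Review bot: `this.host` in the `Local` constructor is assigned `urlJoin(origin, this.path)`, which is presumably a base URL with scheme and proxy path rather than a host name, and the name invites misuse wherever a bare host is expected (a cookie domain, an allow-list comparison). The same value is what the new `get host()` getter in `server/shared/storage/proxy/index.js` exposes. I would document it at the assignment, e.g. `// Base URL of the proxy (origin + PROXY_PATH), not a bare hostname.`, or rename it in both places. Only the `Local` provider is visible in this diff; if other providers exist, `proxy.host` would be `undefined` for them unless they define the same property, which is worth confirming. The constructor and `getFileUrl` both extend beyond the hunks shown.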