Cross-source data stores access
data stored in browsers, such as localStorage and IndexedDB, are split by source. Each source has its own separate storage space, and Javascript scripts in one source cannot read or write data belonging to other sources.

Cookies uses different source definition methods. A page can set cookie, for the local domain and any parent domain as long as the parent domain is not the public suffix (public suffix). Firefox and Chrome use Public Suffix List to determine whether a domain is a common suffix (public suffix). Internet Explorer uses its own internal methods to determine whether the domain is a public suffix. No matter which protocol (HTTP/HTTPS) or port number is used, the browser allows the given domain and any of its subdomain names (sub-domains) to access the cookie. When setting up cookie, you can use Domain,Path,Secure, and Http-Only tags to limit its accessibility. When you read cookie, you don't know where it came from. Even if you only use a secure https connection, any cookie you see may be set up with an insecure connection.

so you cannot cross domains

reason Ruan Yifeng browser homology policy and its circumvention methods

MDN Same-origin policy