Hi, cookie based auth is not working on desktop Sa...
# support-questions-legacyt
tom-glyphic
04/18/2023, 10:03 AMHi, cookie based auth is not working on desktop Safari, is that expected?
tom-glyphic
04/18/2023, 10:03 AMThe signin request works, and we see the cookie being sent in subsequent requests, but they fail to authenticate
tom-glyphic
04/18/2023, 10:05 AMSample debug log output:
https://cdn.discordapp.com/attachments/1097824596318765088/1097825110729162792/message.txt
tom-glyphic
04/18/2023, 10:07 AMIt's the case that our api domain and website domain are different, is the solution to switch to header based auth? https://github.com/supertokens/supertokens-core/issues/280
r
rp_st
04/18/2023, 10:08 AMyup. You need to switch to using header based auth
rp_st
04/18/2023, 10:08 AMsince safari doesn't allow cross site cookies, even with sameSite as
nonet
tom-glyphic
04/18/2023, 10:09 AMOK thanks, are there any downsides from using the header based auth? I see it's not the recommended method
r
rp_st
04/18/2023, 10:10 AMit's less secure since the access and refresh tokens are exposed to frontend JS
rp_st
04/18/2023, 10:10 AMbut we do refresh token rotation, so it's such a big issue anyway
t
tom-glyphic
04/18/2023, 10:13 AMOK thanks!
13 Views