Hello team, for my development environment api do...
# support-questions-legacy
t
Hello team, for my development environment the API domain and website domain are the same, which is why sameSite is set to strict by the SDK. This makes it difficult for testing purposes, where the frontend on localhost needs to consume backend development environments, as it prevents this because localhost is treated as a third party. I read the docs and found a way to manually set cookieSameSite=None in the init, which will solve the problem but will compromise security, as the system would be more prone to CSRF attacks. Is there any other recommended way to do it?
r
hey @Tushar we never set the sameSite to strict on our own. Please check your session.init settings on the backend - maybe you have set it to that?
t
Even if it's set to lax it won't allow all requests from localhost
r
well yea, there is no way around this. It's a browser behaviour
you can switch to using header based auth instead.
t
got it