Hello team, for my development environment the API domain and website domain are the same, which is why sameSite is set to strict by the SDK.
This makes it difficult for testing purposes, where the frontend on localhost needs to consume the backend development environment, because localhost is treated as third party and the requests are blocked.
I read the docs and found a way to manually set cookieSameSite=None in the init, which will solve the problem but will compromise security, as the system would be more prone to CSRF attacks. Is there any other recommended way to do it?
rp_st
04/17/2024, 4:58 AM
Hey @Tushar, we never set the sameSite to strict on our own. Please check your session.init settings on the backend - maybe you have set it to that?
Tushar
04/17/2024, 4:59 AM
Even if it's set to lax, it won't allow all requests from localhost.
rp_st
04/17/2024, 5:51 AM
Well yeah, there is no way around this. It's a browser behaviour.
rp_st
04/17/2024, 5:51 AM
You can switch to using header-based auth instead.