https://supertokens.com/ logo
Title
c

Chunkygoo

10/18/2022, 5:46 AM
I am getting an error when I do not explicitly set cookie_domain="localhost"
com.supertokens {"t": "2022-10-18T05:44:50.762Z", "sdkVer": "0.11.0", "message": "middleware: Started", "file": "supertokens.py:536"}

com.supertokens {"t": "2022-10-18T05:44:50.762Z", "sdkVer": "0.11.0", "message": "middleware: Not handling because request path did not start with config path. Request path: /users/interest/1", "file": "supertokens.py:543"}

com.supertokens {"t": "2022-10-18T05:44:50.762Z", "sdkVer": "0.11.0", "message": "getSession: Started", "file": "recipe/session/recipe_implementation.py:241"}
com.supertokens {"t": "2022-10-18T05:44:50.762Z", "sdkVer": "0.11.0", "message": "getSession: rid in header: False", "file": "recipe/session/recipe_implementation.py:243"}

com.supertokens {"t": "2022-10-18T05:44:50.762Z", "sdkVer": "0.11.0", "message": "getSession: request method: DELETE", "file": "recipe/session/recipe_implementation.py:246"}

com.supertokens {"t": "2022-10-18T05:44:50.762Z", "sdkVer": "0.11.0", "message": "getSession: Value of doAntiCsrfCheck is: True", "file": "recipe/session/recipe_implementation.py:280"}

com.supertokens {"t": "2022-10-18T05:44:50.763Z", "sdkVer": "0.11.0", "message": "getSession: Returning TRY_REFRESH_TOKEN because custom header (rid) was not passed", "file": "recipe/session/session_functions.py:150"}

com.supertokens {"t": "2022-10-18T05:44:50.764Z", "sdkVer": "0.11.0", "message": "errorHandler: Started", "file": "supertokens.py:610"}

com.supertokens {"t": "2022-10-18T05:44:50.764Z", "sdkVer": "0.11.0", "message": "errorHandler: Error is from SuperTokens recipe. Message: anti-csrf check failed. Please pass 'rid: "anti-csrf"' header in the request, or set doAntiCsrfCheck to false for this API", "file": "supertokens.py:611"}

com.supertokens {"t": "2022-10-18T05:44:50.764Z", "sdkVer": "0.11.0", "message": "errorHandler: Checking recipe for match: session", "file": "supertokens.py:622"}

com.supertokens {"t": "2022-10-18T05:44:50.764Z", "sdkVer": "0.11.0", "message": "errorHandler: Matched with recipeID: session", "file": "supertokens.py:628"}

com.supertokens {"t": "2022-10-18T05:44:50.764Z", "sdkVer": "0.11.0", "message": "errorHandler: returning TRY_REFRESH_TOKEN", "file": "recipe/session/recipe.py:245"}

com.supertokens {"t": "2022-10-18T05:44:50.764Z", "sdkVer": "0.11.0", "message": "Sending response to client with status code: 401", "file": "utils.py:134"}
If I set cookie domain it works just fine
nextjs frontend sending a request to a protected api
r

rp

10/18/2022, 6:10 AM
localhost is not a valid value for cookie_domain
c

Chunkygoo

10/18/2022, 6:17 AM
When I add it, it works
if i do not add it, it fails
r

rp

10/18/2022, 6:27 AM
right. My bad. Then you should add it
c

Chunkygoo

10/18/2022, 6:29 AM
Shouldn't supertokens work without adding it?
r

rp

10/18/2022, 6:30 AM
well, if you want to share cookies across different localhost ports, you need to add it
c

Chunkygoo

10/18/2022, 6:39 AM
I see
So using different ports mean I would have to add it?
what about in prod where I have www.x.com and api.x.com
r

rp

10/18/2022, 6:40 AM
then you will have to add
.x.com
as the value of
cookie_domain
c

Chunkygoo

10/18/2022, 6:44 AM
But www.x.com is not using cookie_domain though
I decided to give up server side rendering and only use client side rendering for auth-needed actions
If I do not add a cookie domain, the default which is api.x.com will be used. And the cookies will be sent by the browser to api.x.com right?
r

rp

10/18/2022, 6:46 AM
yes
c

Chunkygoo

10/18/2022, 6:48 AM
But on localhost that is not the case?