# support-questions
i
hi, i have a problem with Supertokens. i don’t understand how to set cookies when backend is on https and frontend is on http. when both services are on https or http everything works fine. i have tried to set on backend cookieSecure: false and cookieSameSite: 'none' but i had this error: "Since your API and website domain are different, for sessions to work, please use https on your apiDomain and dont set cookieSecure to false.". can you help me understand how it works?
r
hey! are you using http://localhost on the frontend or a different domain?
i
yeah, localhost on frontend and https server on backend
r
hmm
can you enable debug logging on the frontend and backend and show me the output when you call the sign in API? Also, a screenshot of the set-cookies headers in the API response (as seen on chrome)
i
the signin api returns the cookies, but all the other apis called by the frontend (ex. auth/user/email/verify) don't have the cookies in the request. the problem with the screenshot is that i can't init the backend if i set that cookieSecure: false and cookieSameSite: 'none'
r
you shouldn't set cookieSecure as false.
since your API is on https.
also, you shouldn't set cookieSameSite as none -> just give the right API and website domain values in the appInfo object and the SDK will figure out the right cookie settings
i
ok, but i need to reach my api backend from both my dev environment frontend on https and my localhost frontend. i can't set only one in website domain. i understood that the websiteDomain property was useful only to set links in emails
r
i see. then you can set cookieSameSite as none on the session.init. With this setting, you should be able to send me the requested screenshot
i
ok, i'm deploying to send you screenshot
when i set only cookieSameSite as none without cookieSecure as false, it works! No need to screenshot! 😄 Ty
i can use cookies both from dev env and localhost
r
great!