hi, i have a problem with Supertokens. i don’t understand how to set cookies when backend is on https and frontend is on http. when both services are on https or http everything works fine. i have tried to set on backend cookieSecure: false and cookieSameSite: 'none' but i had this error: "Since your API and website domain are different, for sessions to work, please use https on your apiDomain and dont set cookieSecure to false.". can you help me understand how it works?

hey! are you using http://localhost on the frontend or a different domain?

yeah, localhost on frontend and https server on backend

hmm

the signin api return the cookies, but all the others api called by the frontend (ex. auth/user/email/verify) don't have the cookies in the request. the problems for the screenshot is that i can't init the backend if i set that cookieSecure: false and cookieSameSite: 'none'

you shouldnt set cookieSecure as false.

ok, but i need to reach my api backend from both my dev environment frontend on https and my localhost frontend. i can't set only one in website domain. i understood that the websiteDomain property was usefull only to set links in emails

i see. then you can set cookieSameSite as none on the session.init. With this setting, you should be able to send me the requested screenshot

ok, i'm deploying to send you screenshot

great!