# support-questions

Noobster123

07/17/2022, 6:13 PM
Hello, what should I put in the websiteDomain appInfo on the init method of supertokens-node if I want localhost and the actual website to be able to use the same auth server?

rp

07/17/2022, 6:15 PM
hey! You should put the actual website, and also set the cookieSameSite value to "none" in session.init (on the backend). Your local dev will mostly work, except for links for email verification, passwordless magic link or reset password links, since they will be pointing to the value in the websiteDomain (your actual website).
That being said, if you want these links to work on local and prod, there are ways to get that too - via override of the emailDelivery config.

Noobster123

07/17/2022, 6:16 PM
Thanks rp! Speedy as always
@rp I read the docs on that option; is there an alternative where I don't lessen security?

rp

07/17/2022, 6:52 PM
adding sameSite none doesn't lessen the security. The backend SDK we provide will do anti-csrf checks to provide defence against CSRF attacks (which become a possibility from setting it to none).
Alternatively, you could use another server with the different config for dev.
We are working on changing how appInfo works to allow it to be more dynamic so that issues like this go away.

Noobster123

07/17/2022, 6:53 PM
Ah okay, thanks