Hello, what should I put in the websiteDomain appI...
# support-questions-legacyf
fasterthanlight._
07/17/2022, 6:13 PMHello, what should I put in the websiteDomain appInfo on the init method of supertokens-node if I want localhost and the actual website to be able to use the same auth server?
r
rp_st
07/17/2022, 6:15 PMhey! You should put the actual website, and also set the cookieSameSite value to "none" in session.init (on the backend).
Your local dev will mostly work, except for links for email verification, passworless magic link or reset password links, since they will be pointing to the value in the websitDomain (your actual website).
rp_st
07/17/2022, 6:16 PMThat being said, if you want theses links to work on local and prod, there are ways to get that too - via override of the emailDelivery config.
f
fasterthanlight._
07/17/2022, 6:16 PMThanks rp! Speedy as always
fasterthanlight._
07/17/2022, 6:51 PM@rp_st I read the docs on that option, is there an alternative where I don't lessen security?
r
rp_st
07/17/2022, 6:52 PMadding sameSite none doesn't lessen the security. The backend SDK we provide will do anti-csrf checks to provide defence against CSRF attacks (which becomes a possibility from setting it to none)
rp_st
07/17/2022, 6:53 PMAlternatively, you could use another server with the different config for dev.
rp_st
07/17/2022, 6:53 PMWe are working on changing how appInfo works to allow it to be more dynamic so that issues like this go away.
f
fasterthanlight._
07/17/2022, 6:53 PMAh okay, thanks
2 Views