hey! You should put the actual website, and also set the cookieSameSite value to "none" in session.init (on the backend).
Your local dev will mostly work, except for links for email verification, passworless magic link or reset password links, since they will be pointing to the value in the websitDomain (your actual website).