Hello what should I put in the websiteDomain appInfo on the

Question

Hello what should I put in the websiteDomain appInfo on the init method of supertokens node if I want localhost and the actual website to be able to use the same auth server

rp · Answer

hey You should put the actual website and also set the cookieSameSite value to none in session init on the backend Your local dev will mostly work except for links for email verification passworless magic link or reset password links since they will be pointing to the value in the websitDomain your actual website

rp · Answer

That being said if you want theses links to work on local and prod there are ways to get that too via override of the emailDelivery config

Noobster123 · Answer

Thanks rp Speedy as always

Noobster123 · Answer

< rp> I read the docs on that option is there an alternative where I don t lessen security

rp · Answer

adding sameSite none doesn t lessen the security The backend SDK we provide will do anti csrf checks to provide defence against CSRF attacks which becomes a possibility from setting it to none

rp · Answer

Alternatively you could use another server with the different config for dev

rp · Answer

We are working on changing how appInfo works to allow it to be more dynamic so that issues like this go away

Noobster123 · Answer

Ah okay thanks