Hello, what should I put in the websiteDomain appI...
# support-questionsn
Noobster123
07/17/2022, 6:13 PMHello, what should I put in the websiteDomain appInfo on the init method of supertokens-node if I want localhost and the actual website to be able to use the same auth server?
r
rp
07/17/2022, 6:15 PMhey! You should put the actual website, and also set the cookieSameSite value to "none" in session.init (on the backend).
Your local dev will mostly work, except for links for email verification, passworless magic link or reset password links, since they will be pointing to the value in the websitDomain (your actual website).
rp
07/17/2022, 6:16 PMThat being said, if you want theses links to work on local and prod, there are ways to get that too - via override of the emailDelivery config.
n
Noobster123
07/17/2022, 6:16 PMThanks rp! Speedy as always
Noobster123
07/17/2022, 6:51 PM@rp I read the docs on that option, is there an alternative where I don't lessen security?
r
rp
07/17/2022, 6:52 PMadding sameSite none doesn't lessen the security. The backend SDK we provide will do anti-csrf checks to provide defence against CSRF attacks (which becomes a possibility from setting it to none)
rp
07/17/2022, 6:53 PMAlternatively, you could use another server with the different config for dev.
rp
07/17/2022, 6:53 PMWe are working on changing how appInfo works to allow it to be more dynamic so that issues like this go away.
n
Noobster123
07/17/2022, 6:53 PMAh okay, thanks
2 Views