Hey @rp Need your help with something. So we use AWS apmplify to deploy and preview our frontend build and it has different URL's for different PR's of the type(https://pr-number.xyz.amplifyapp.com), so with supertokens we are unable to get the PR previews to work.(Since i guess we need to provide the website url to the backend SDK at the time of initialization) Any thoughts on this?

Hey!

yeah on the frontend we did that

Is the backend a separate service on a different domain? Or is it on the same same URL?

domain is same for the backend.

Is there some env var which is exposed by aws to get the URL?

Hey @rp Jumping in here. (I work with @showtim3 )

Hey!

So the scenario is that aws amplify does a deployment for each PR which we raise since a deployment is done for each PR, the urls are different. something like

pr-${xyz}.abc.amplifyweb.com

You just need to be able to set the correct values for websiteDomain on the frontend and backend, and it should all work fine

So the backend remains the same.

right.. so that may be an issue for now. We are working on something to make it more dynamic, but until then, you can set the websiteDomain to just be the prod one. This will only affect the links for passwordless login / reset password and email verification

alright cokieSameSite seems like the way to go. Any idea on security implications of this?

It would work just fine - since we do automatic anti-csrf protection in this case.

Great. Thanks.