
rezaamya

01/09/2023, 1:04 PM
Hi, I am getting this error:
Error: Since your API and website domain are different, for sessions to work, please use https on your apiDomain and dont set cookieSecure to false.
My configuration is like this:
SESSION_MANAGEMENT_CONNECTION_URL="http://supertokens.myapp-development.svc:3567"
SESSION_MANAGEMENT_API_KEY="******-****-****-****-********"
SESSION_MANAGEMENT_APP_NAME="myapp"
SESSION_MANAGEMENT_API_DOMAIN="https://dev.my.app"
SESSION_MANAGEMENT_WEBSITE_DOMAIN="https://dev.my.app"
SESSION_MANAGEMENT_API_BASE_PATH="/api"
SESSION_MANAGEMENT_WEBSITE_BASE_PATH="/"
SESSION_MANAGEMENT_SESSION_SCOPE=".dev.my.app"
SESSION_MANAGEMENT_COOKIE_SECURE="true"
Do you know what the problem is?

rp

01/09/2023, 1:07 PM
Hey @rezaamya
Can I see your supertokens.init code?

rezaamya

01/09/2023, 1:08 PM
I found out that when I set sameSite to 'none', this error happens.

rp

01/09/2023, 1:10 PM
Right. You don't need to set sameSite explicitly.

rezaamya

01/09/2023, 1:11 PM
I am running SuperTokens with this docker-compose.yml file:
version: '3'

services:
  db:
    image: 'postgres:14.5'
    environment:
      POSTGRES_USER: db_user
      # must match the password used in POSTGRESQL_CONNECTION_URI below
      POSTGRES_PASSWORD: db_pass
      POSTGRES_DB: db_name
    networks:
      - supertokens_network
    restart: unless-stopped
    healthcheck:
      # CMD-SHELL so the arguments are split; check with the user that actually exists
      test: ['CMD-SHELL', 'pg_isready -U db_user -d db_name']
      interval: 5s
      timeout: 5s
      retries: 5

  supertokens:
    image: registry.supertokens.io/supertokens/supertokens-postgresql:3.16
    depends_on:
      - db
    ports:
      - 3567:3567
    environment:
      POSTGRESQL_CONNECTION_URI: "postgresql://db_user:db_pass@db:5432/db_name"
      # key the backend SDK presents to the core; keep it out of version control
      API_KEYS: **********-***-****-***********
      # refresh token lifetime, in minutes
      REFRESH_TOKEN_VALIDITY: 144000
      # access token lifetime, in seconds
      ACCESS_TOKEN_VALIDITY: 10
    networks:
      - supertokens_network
    restart: unless-stopped
    healthcheck:
      # the core's /hello endpoint answers "Hello" when it is up
      test: >
        bash -c 'exec 3<>/dev/tcp/127.0.0.1/3567 && echo -e "GET /hello HTTP/1.1\r\nhost: 127.0.0.1:3567\r\nConnection: close\r\n\r\n" >&3 && cat <&3 | grep "Hello"'
      interval: 10s
      timeout: 5s
      retries: 5

networks:
  supertokens_network:
    driver: bridge
I have an admin section that is at admin.dev.my.app.

rp

01/09/2023, 1:13 PM
sameSite lax should work for that too.

rezaamya

01/09/2023, 1:14 PM
Aha, I will try it and update you in a few minutes.
With lax it is working, but only on GET methods.

rp

01/09/2023, 1:16 PM
You need to add the anti-CSRF token for non-GET methods.
You would have got this token in the response headers during sign-in.