Channels
bot-training
community
contributing
general
github-activity
info
introductions
new-releases
random
security
support-questions
welcome-0xdelusion
welcome-aj-ya
welcome-aleksandrc
welcome-alpinjs
welcome-amberlamps1
welcome-andrew-rodriguez
welcome-ankit-choudhary
welcome-anthony-stod-custodio
welcome-call-in
welcome-chwalbox
welcome-claybiokiller
welcome-co7e
welcome-cosmoecwsa
welcome-devdag
welcome-dinso
welcome-drebotelho
welcome-elio
welcome-ernest
welcome-foxbarrington
welcome-fromscratch
welcome-galto4ir
welcome-goetzum
welcome-hay-kot
welcome-himanshu-kukreja
welcome-hossambarakat
welcome-ichikawakazuto
welcome-jahir9991
welcome-jamesl
welcome-jerry123424
welcome-john-oliver
welcome-jonas-alexanderson
welcome-jxyz
welcome-kelvinwop
welcome-kraz
welcome-lancekey
welcome-leoo
welcome-lukeacollins
welcome-m-j-mon
welcome-malik-khoja
welcome-marco
welcome-mardadi
welcome-meshguy
welcome-metamorph
welcome-mike-tectu
welcome-mirzok
welcome-mozomig
welcome-naberyou66_
welcome-nacer
welcome-namratha
welcome-naveenkumar
welcome-nightlight
welcome-nischith
welcome-notankit
welcome-olawumi
welcome-pavan-kumar-reddy-n
welcome-pineappaul
welcome-poothebear
welcome-rick
welcome-samuel-qosenergy
welcome-samuelstroschein
welcome-shubhamgoel23
welcome-shubhamkaushal
welcome-sidebar
welcome-surajsli
welcome-suyash_
welcome-syntaxerror
welcome-tauno
welcome-tawnoz
welcome-teclali
welcome-tls
welcome-turbosepp
welcome-vikram_shadow
Title
r
rezaamya
01/09/2023, 1:04 PMHi;
I am getting this error:
Error: Since your API and website domain are different, for sessions to work, please use https on your apiDomain and dont set cookieSecure to false.SESSION_MANAGEMENT_CONNECTION_URL="http://supertokens.myapp-development.svc:3567"
SESSION_MANAGEMENT_API_KEY="******-****-****-****-********"
SESSION_MANAGEMENT_APP_NAME="myapp"
SESSION_MANAGEMENT_API_DOMAIN="https://dev.my.app"
SESSION_MANAGEMENT_WEBSITE_DOMAIN="https://dev.my.app"
SESSION_MANAGEMENT_API_BASE_PATH="/api"
SESSION_MANAGEMENT_WEBSITE_BASE_PATH="/"
SESSION_MANAGEMENT_SESSION_SCOPE=".dev.my.app"
SESSION_MANAGEMENT_COOKIE_SECURE="true"r
rp
01/09/2023, 1:07 PMhey @rezaamya
can i see your supertokens.init code?
r
rezaamya
01/09/2023, 1:08 PMI found out that when I am setting sameSite as 'none' this error will happen
r
rp
01/09/2023, 1:10 PMright. You don't need to set the sameSite explicitly.
r
rezaamya
01/09/2023, 1:11 PMI am running superTokens by this docker-compose.yml file:
version: '3'
services:
db:
image: 'postgres:14.5'
environment:
POSTGRES_USER: db_user
POSTGRES_PASSWORD: dp_pass
POSTGRES_DB: db_name
networks:
- supertokens_network
restart: unless-stopped
healthcheck:
test: ['CMD', 'pg_isready -U supertokens_user']
interval: 5s
timeout: 5s
retries: 5
supertokens:
image: registry.supertokens.io/supertokens/supertokens-postgresql:3.16
depends_on:
- db
ports:
- 3567:3567
environment:
POSTGRESQL_CONNECTION_URI: "postgresql://db_user:db_pass@db:5432/db_name"
API_KEYS: **********-***-****-***********
REFRESH_TOKEN_VALIDITY: 144000
ACCESS_TOKEN_VALIDITY: 10
networks:
- supertokens_network
restart: unless-stopped
healthcheck:
test: >
bash -c 'exec 3<>/dev/tcp/127.0.0.1/3567 && echo -e "GET /hello HTTP/1.1\r\nhost: 127.0.0.1:3567\r\nConnection: close\r\n\r\n" >&3 && cat <&3 | grep "Hello"'
interval: 10s
timeout: 5s
retries: 5
networks:
supertokens_network:
driver: bridgeI have an admin section that is on:
admin.dev.my.app
r
rp
01/09/2023, 1:13 PMsameSite lax should work for that too
r
rezaamya
01/09/2023, 1:14 PMAha, I will try
and I will update you in minutes
With lax it is working, but only on get methods
r
rp
01/09/2023, 1:16 PMyou need to add the anti-csrf token for non get methods
you would have got this token in the response headers during sign in