is there a way i can get supertokens working on lo...
# support-questions-legacyd
d3adb0y
01/12/2023, 5:27 PMis there a way i can get supertokens working on localhost without having a different website and api domain? initially i was using ngrok domain name in my configuration however im getting another developer involved in this project and i need a way for them to be able to run the entire stack locally without any additional tools
Copy code
supertokens_python.exceptions.GeneralError: Since your API and website domain are different, for sessions to work, please use https on your apiDomain and don't set cookieSecure to false.r
rp_st
01/12/2023, 5:51 PMhey @d3adb0y yea, you can use localhost for your websiteDomain value, and either localhost on apiDomain, or something like
https://api.yourapp.comd
d3adb0y
01/12/2023, 5:52 PMdoes that domain need to be routable?
d3adb0y
01/12/2023, 5:52 PMcurrently trying to use localhost and on refresh im getting 400 response from the API
r
rp_st
01/12/2023, 5:53 PM> does that domain need to be routable?
What do you mean?
Also, what values have you set for apiDomain and websiteDOmain (on frontend and backend)
d
d3adb0y
01/12/2023, 5:53 PM Copy code
SuperTokens.init({
appInfo: {
appName: "Virtual Labs API",
apiDomain: "http://localhost:9000",
websiteDomain: "http://localhost:5173",
apiBasePath: "/auth",
websiteBasePath: "/auth"
},
recipeList: [
Passwordless.init({
useShadowDom: false,
contactMethod: "EMAIL"
}),
Session.init()
]
});d3adb0y
01/12/2023, 5:54 PMam using the same api and website domain values on the backend
r
rp_st
01/12/2023, 5:54 PMyea. this should work just fine
d
d3adb0y
01/12/2023, 5:54 PMon the python backend
d3adb0y
01/12/2023, 5:54 PMdo i need to set these params
Copy code
session.init(cookie_same_site="lax", cookie_secure=False)r
rp_st
01/12/2023, 5:54 PMif you visit he refresh API on your browser, it should give you a 404 though. Cause the refresh API is only a POST and not GET
rp_st
01/12/2023, 5:55 PMyou can remove hte cookie_same_site and cookie_secure params. We set those automatically based on apiDomain and websiteDOmain
d
d3adb0y
01/12/2023, 5:56 PM"OPTIONS /auth/session/refresh HTTP/1.1" 400
d3adb0y
01/12/2023, 5:56 PMi just see 400 response from the API now
d3adb0y
01/12/2023, 5:56 PMon refresh
r
rp_st
01/12/2023, 5:56 PMright.. you shuold see how you have configured CORS on your backend.
rp_st
01/12/2023, 5:57 PMCORS sending a 400 means something is wrong with the CORS middleware.
d
d3adb0y
01/12/2023, 5:57 PMoh duh
d3adb0y
01/12/2023, 5:57 PMforgot to change those values
2 Views