https://supertokens.com/ logo
Title
d

d3adb0y

01/12/2023, 5:27 PM
is there a way i can get supertokens working on localhost without having a different website and api domain? initially i was using ngrok domain name in my configuration however im getting another developer involved in this project and i need a way for them to be able to run the entire stack locally without any additional tools
supertokens_python.exceptions.GeneralError: Since your API and website domain are different, for sessions to work, please use https on your apiDomain and don't set cookieSecure to false.
r

rp

01/12/2023, 5:51 PM
hey @d3adb0y yea, you can use localhost for your websiteDomain value, and either localhost on apiDomain, or something like
https://api.yourapp.com
.
d

d3adb0y

01/12/2023, 5:52 PM
does that domain need to be routable?
currently trying to use localhost and on refresh im getting 400 response from the API
r

rp

01/12/2023, 5:53 PM
> does that domain need to be routable? What do you mean? Also, what values have you set for apiDomain and websiteDOmain (on frontend and backend)
d

d3adb0y

01/12/2023, 5:53 PM
SuperTokens.init({
  appInfo: {
      appName: "Virtual Labs API",
      apiDomain: "http://localhost:9000",
      websiteDomain: "http://localhost:5173",
      apiBasePath: "/auth",
      websiteBasePath: "/auth"
  },
  recipeList: [
      Passwordless.init({
          useShadowDom: false,
          contactMethod: "EMAIL"
      }),
      Session.init()
  ]
});
am using the same api and website domain values on the backend
r

rp

01/12/2023, 5:54 PM
yea. this should work just fine
d

d3adb0y

01/12/2023, 5:54 PM
on the python backend
do i need to set these params
session.init(cookie_same_site="lax", cookie_secure=False)
r

rp

01/12/2023, 5:54 PM
if you visit he refresh API on your browser, it should give you a 404 though. Cause the refresh API is only a POST and not GET
you can remove hte cookie_same_site and cookie_secure params. We set those automatically based on apiDomain and websiteDOmain
d

d3adb0y

01/12/2023, 5:56 PM
"OPTIONS /auth/session/refresh HTTP/1.1" 400
i just see 400 response from the API now
on refresh
r

rp

01/12/2023, 5:56 PM
right.. you shuold see how you have configured CORS on your backend.
CORS sending a 400 means something is wrong with the CORS middleware.
d

d3adb0y

01/12/2023, 5:57 PM
oh duh
forgot to change those values