Better Auth•2mo ago

how to properly setup for cross domain - express + vite react

Cookie “better-auth.session_token” has been rejected because it is in a cross-site context and its “SameSite” is “Lax” or “Strict”.

Cookie “better-auth.session_token” has been rejected because it is in a cross-site context and its “SameSite” is “Lax” or “Strict”.

despite adding the required config in my backend auth.ts i am facing this issue. one thing is i am using http can it be the reason, if yes why am i getting the error above Instead of new error?

6 Replies

sebastian•2mo ago

is this happening in production or locally?

!YaxshOP•2mo ago

production

sebastian•2mo ago

A cookie with the Secure attribute is only sent to the server with an encrypted request over the HTTPS protocol. It's never sent with unsecured HTTP (except on localhost) - mdn docs

sebastian•2mo ago

also, modyfing the session-token only isn't really enough for a cross site setup. You should specify the attribiutes in a defaultCookieAttributes

defaultCookieAttributes: {
  SameSite: "none",
  httpOnly: true,
  secure: true // you can try setting this to false in your use case, but generally not recommended
},

defaultCookieAttributes: {
  SameSite: "none",
  httpOnly: true,
  secure: true // you can try setting this to false in your use case, but generally not recommended
},

https://www.better-auth.com/docs/reference/options#advanced

Options | Better Auth

Better Auth configuration options reference.

FalconiZzare•2mo ago

cross domain or cross subdomain?

!YaxshOP•2w ago

cross domain

Gaming

Programming

how to properly setup for cross domain - express + vite react

Did you find this page helpful?