elegant-flag-19390
09/27/2022, 1:06 PMAn error occurred: Format is Authorization: Bearer [token]
How can we fix it?future-teacher-7046
elegant-flag-19390
09/27/2022, 1:14 PMfuture-teacher-7046
elegant-flag-19390
09/27/2022, 1:17 PMfuture-teacher-7046
AUTH_REFRESH_TOKEN
set? This is what we use to keep you logged inelegant-flag-19390
09/27/2022, 1:25 PM__growthbookid
future-teacher-7046
elegant-flag-19390
09/27/2022, 1:30 PMSameSite
attribute will be treated as SameSite=Lax
and the browser will not accept the cookie (I think that Chrome does not allow changing that behaviour). So, would it be possible to add the attribute to the cookie? Or is there any suggested way of having frontend and backend in two differents instances/domains?future-teacher-7046
SameSite=None
, but that would open up some potential security holes from CSRF attacks.
Are you able to use subdomains instead of entirely separate domains? So like <http://growthbook.example.com|growthbook.example.com>
and <http://growthbook-api.example.com|growthbook-api.example.com>
? That should work with SameSite=Lax
while still being secure.elegant-flag-19390
09/29/2022, 9:27 AM; SameSite=None; Secure