Skip to content

Commit c8b8981

Browse files
committed
docs: Note about how safari handles http only cookies in local dev
1 parent 94aa761 commit c8b8981

1 file changed

Lines changed: 7 additions & 0 deletions

File tree

docs/development/setup.md

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -80,6 +80,13 @@ This will deploy the API, job system and a MinIO (S3) instance locally. Using `c
8080

8181
Once the backend is up and running you can then run `divbase-cli` commands against it or go to for example <http://localhost:8000/api/v1/docs> to test out some of API commands directly.
8282

83+
!!! Warning "Login will not work on Safari/webkit browsers in local development"
84+
Webkit (browser Safari is based on) does not like setting a HTTP-only cookie as "secure" when using HTTP instead of HTTPS. In local dev when you connect to (http://)localhost you have a HTTP connection, so it refuses to set the cookie(s). The cookies being stored are the access + refresh token of the user.
85+
86+
**Safari works fine for end users connecting to a deployed instance, as that will be via HTTPS.**
87+
88+
We could add some logic along the lines of: `if in local dev/test env; set cookie to not be secure`, but for now, just easier to say use a diff browser for local dev.
89+
8390
The DivBase frontend is running on <http://localhost:8000>. The frontend is part of the FastAPI app deployment. All API routes are appended with `/api/v1` to avoid collisions. The frontend uses Jinja2 templating.
8491

8592
To help with setup, we provide a local development setup script which will:

0 commit comments

Comments
 (0)