To ensure that Ory APIs are exposed on the same domain as your application, you can use the Ory Proxy or Ory Tunnel, both of which are part of the Ory CLI. For local development, you can use the Ory Tunnel. This tool allows you to tunnel the Ory APIs on a port on your local machine, which allows cookies to be set on the same domain as the application is running. Here's how you can start the Ory Tunnel:

bash npx @ory/cli tunnel --dev <http://localhost:3000>

In this example, Ory APIs are now mirrored on

<http://localhost:4000>

. The

--dev

flag disables security checks for easier integration and should not be used when deploying the Tunnel to a staging environment. For production, you can use the Ory Proxy. This is a reverse proxy deployed in front of your application that allows the Ory endpoints to be mirrored on the same domain as the app you're running. It rewrites cookies to match the domain your application is currently on. Alternatively, you can also add a Custom Domain to your Ory Network project. With the custom domain set up, you don't need to use Ory Proxy or Ory Tunnel to interact with Ory APIs. Instead, use the configured custom domain in your SDK calls:

javascript var sdk = require("@ory/client")      var ory = new sdk.FrontendApi(    new sdk.Configuration({    basePath: "<https://ory.example.org>",    baseOptions: {    // Ensures that cookies are included in CORS requests:    withCredentials: true,    },    }),   )

For more information, you can refer to the following documentation: - [Ory Proxy and Ory Tunnel](https://www.ory.sh/docs/guides/cli/proxy-and-tunnel) - [Custom Domains](https://www.ory.sh/docs/guides/custom-domains) - [Local Development](https://www.ory.sh/docs/getting-started/local-development) - [Integrate Authentication into Node.js / Express.js](https://www.ory.sh/docs/getting-started/integrate-auth/expressjs#go-to-production) - [Integrate Authentication into Go](https://www.ory.sh/docs/getting-started/integrate-auth/go#install-ory-cli)

Yes, you can get the cookies to work when using Ory Network without using a custom domain by using the Ory Proxy or Ory Tunnel, both of which are part of the Ory CLI. Ory Proxy is a reverse proxy that rewrites cookies to match the domain your application is currently on. It mirrors Ory endpoints on the same domain as the application you're running. This is a useful tool when developing locally. In production, it's recommended to use a custom domain (CNAME), but Ory Proxy can be used if setting up a custom domain is not possible. Ory Tunnel is another tool that can be used, especially for local development. It allows you to tunnel the Ory APIs on a port on your local machine, which allows cookies to be set on the same domain as the application is running. To install the Ory CLI, you can use the following command:

bash npm i --save @ory/cli

For more information, you can refer to the following documentation: - [Ory Proxy and Ory Tunnel](https://www.ory.sh/docs/guides/cli/proxy-and-tunnel) - [Integrate Authentication into Node.js / Express.js](https://www.ory.sh/docs/getting-started/integrate-auth/expressjs#install-ory-cli) - [Integrate Authentication into Go](https://www.ory.sh/docs/getting-started/integrate-auth/go#install-ory-cli) - [Integrate Authentication into Flutter Web](https://www.ory.sh/docs/getting-started/integrate-auth/flutter-web-redirect#install-ory-cli)