How are people setting up a development environment for client-side GUIs for Kratos? I've got Kratos running in k8s and entries in

/etc/hosts

for the GUI and the public endpoint for Kratos (

https://[domain]

and

https://[domain]/auth

. (Both in the same domain.) In k8s I've got two ingresses, one for each path. However when I run the browser in development mode, it's on port 9000. (Or at least not on 443). To handle this, I've setup a reverse proxy that proxies

https://[domain]:9000

to

https://[domain]

. So the k8s ingresses will see the correct domain. This is kind of working, but I suspect is the cause of my CSRF errors. So how do others setup client-side browser development?

Hi @plain-lunch-50969 You have to ensure that you are setting the baseURL and cookie domain correctly in the Kratos configurations (the domain you specified in

/etc/hosts

) CSRF and other cookie related issues are usually a problem due to the domain of your browser not being the same as the domain kratos is setting the cookies on. Insecure requests without TLS could also be a problem and might require the reverse proxy to set the certificates in your local trust store (e.g. Caddy can do this). Mixing up localhost and 127.0.0.1 - they are different domains. The best thing to do is diagnose the setup step by step, eliminate each suspect in the system. Try run Kratos with the

--dev

flag, see if that might be the issue in this case.

I use

<http://nip.io|nip.io>

domains locally

Thanks. I'm on the same domain - this is why I setup the reverse proxy. I have tried

--dev

. I have not set up the cookie domain. I'll try that, thanks. I am using self-signed certs which the browser may see as insecure as well.