# ory-copilot
@chilly-king-10285 What exactly does the flag `--dev` disable in Kratos local development?
A message from kapa.ai
The `--dev` flag in Ory Kratos is used to disable certain security features to make local development easier. Specifically, when you run Ory Kratos in `--dev` mode, it disables `SameSite=Lax` as Google Chrome rejects all cookies that have `SameSite=Lax` but have `secure` set to `false`. If you require `SameSite=Lax`, you need to run Ory Kratos with HTTPS and not use the `--dev` flag.

Moreover, Ory Kratos' cookies have the `Secure` flag enabled by default, which means that the browser won't send the cookie unless the URL is an HTTPS URL. If you want Ory Kratos to work with HTTP (for example on localhost) you can add the `--dev` flag.

However, it's important to note that the `--dev` flag should not be used in a production environment. When preparing for production, it's paramount to omit the `--dev` flag from `kratos serve`.

Sources:
- [CSRF troubleshooting](https://www.ory.sh/docs/kratos/debug/csrf#common-issues)
- [kratos serve](https://www.ory.sh/docs/kratos/cli/kratos-serve)
- [Go to production](https://www.ory.sh/docs/kratos/guides/production)