# general
w
In Kratos settings, is there a reason for having cookies.same_site and session.cookie.same_site different? I just set session.cookie.same_site to none for a local instance of Kratos, but then noticed the other existed. Should I maybe use that instead?
AI tells me the global setting is also for the CSRF cookies. But it's weird that it worked to log in for me cross-domain with only session.cookie.same_site set.
The selfservice and Kratos instance are on the same domain, but I have another app on another domain.
So the global cookie setting for CSRF would probably be needed if the selfservice was also on a different domain? (makes sense)
m
Kratos instance, the app and selfservice would need to be on the same TLD - how is your setup exactly, can you give an example?
w
They are on the same domain, but I wanted to develop on localhost (using http, not https), using a remote Kratos instance, and sending requests to remote APIs that validate the cookie against the Kratos instance. So for instance Kratos and selfservice run on https://id.example.com and I add a "127.0.0.1 myfrontend.example.com" entry in /etc/hosts. Then I can visit http://myfrontend.example.com:3000, but cookies won't be sent from http to https, so I needed to set SameSite=None, then it worked. This is a dev instance of everything, so security isn't an issue.
I guess the Ory Proxy CLI would also be an alternative.
I kinda forgot about that, but probably wanted to see if it was possible without it.
m
Ory Proxy/Ory Tunnel are intended for the managed service, so idk if they would work for you. Since you self-host, why not host Kratos locally as well?
w
We have many APIs; it's nice not having to start them and their databases locally, just the service you are working on, while the rest of the services run remotely.
And the services validate cookies against the remote Kratos.
m
Then I would recommend using the managed service Ory Network; it's probably easier than developing your own solution here.