When developing your own UI for Ory, you should link to the self-service URLs rather than directly to your UI URLs. This is the recommended approach for several reasons: ### Self-service URLs vs. UI URLs When users need to perform actions like login, registration, or account recovery, you should redirect them to the self-service initialization endpoints. For example:

html <a href="/.ory/self-service/login/browser">Log in</a>

This approach ensures that: 1. The proper flow is initialized with all necessary security measures (like CSRF tokens) 2. Pre-flow hooks can run 3. The system can handle redirects properly ### How the flow works The process works like this: 1. User clicks a link to a self-service URL (e.g.,

/.ory/self-service/login/browser

) 2. Ory initializes the flow and redirects to your configured UI URL with a flow ID 3. Your UI fetches the flow data using the flow ID and renders the appropriate form 4. User submits the form to Ory 5. On success, Ory redirects to the configured success URL ### Return URL parameter You can also add a

return_to

parameter to control where users are redirected after completing the flow:

html <a href="/.ory/self-service/login/browser?return_to=https://localhost:4000/my-url">Log in</a>

This is useful for returning users to the page they were on before authentication was required. ### Development setup For local development, you can use [Ory Tunnel](https://www.ory.sh/docs/guides/cli/proxy-and-tunnel) or [Ory Proxy](https://www.ory.sh/docs/guides/cli/proxy-and-tunnel#ory-proxy) to make Ory available on the same domain as your application, which helps avoid CORS issues.

ory proxy --project <project-id> --workspace <workspace-id> <http://localhost:3000>

For production, you should set up a [custom domain](https://www.ory.sh/docs/guides/custom-domains) for your Ory project.