
I have configured my domain name with Cloudflare DNS and obtained a free SSL certificate from Cloudflare. I've set up this domain as an endpoint in my Appwrite dashboard, and everything seems to be working fine. However, I keep encountering a warning message in my console whenever I run my app: 'Appwrite is using localStorage for session management. Increase your security by adding a custom domain as your API endpoint.' Should I be worried about this warning, and does it impact my security? Despite this, Appwrite doesn't seem to accept my domain name as a custom domain. What steps can I take to resolve this issue and properly configure my Appwrite endpoint with my domain?"

Hi

The warning suggests that using localStorage for session management isn't the most secure method when compared to using HTTP cookies with the HttpOnly attribute. When a session is stored in localStorage, it's accessible by any JavaScript running on your page, which can make it vulnerable to XSS attacks.
Appwrite prefers to use more secure methods for session management, like HTTP cookies. However, to set cookies from Appwrite to your frontend, both need to be on the same domain or subdomain. This isn't possible when you're not using a custom domain with Appwrite, so Appwrite falls back to using localStorage.
So, it is much better to use custom domain
Now for the second part of the question:
Custom Domain Setup: If you've already configured your domain with Appwrite, make sure you've set it up correctly. This includes updating the DNS records, ensuring SSL works properly, and configuring your Appwrite environment to use your custom domain.
CORS & Appwrite Console: In the Appwrite console, ensure that you've added your custom domain under the settings section to allow requests from your frontend domain.
We have details on this page about everything related to custom domains, can you please read them once? https://appwrite.io/docs/custom-domains

@joeyouss Hi there I believe there might be an issue with Cloudflare's service. I followed the custom domain configuration instructions precisely as outlined in the documentation you provided earlier. However, despite my endpoint URL functioning properly behind Cloudflare, the dashboard is still presenting an error message that reads: 'Domain verification for the requested domain has failed.'

Setup Custom Domains for domain name behind Cloudflare dns

It might be due to the fact your server don't use SSL before <:cloudflare:1026272852900581496> Cloudflare. Check this: https://book.appread.io/post-installation#cloudflare-other-https-on-dns-level

@Binyamin Thanks that article helped me alot :appwritepeepo:

[SOLVED] Setup Custom Domains for domain name behind Cloudflare dns
Recommended threads
- API Endpoint to Verify Password.
I have 2 use cases where i need to verify a users password outside of login, e.g. Updating user account data (such as name, or prefs, or data in a users databa...
- search collection by document ID
How to filter or search collection for a document using document ID, I can't find this item on the filter menu
- Database Migration/Sync Between Two Proj...
Overall The migration failed mainly due to conflicts with existing data (documents, attributes, collections, etc.), exceeding attribute limits, and unsupported ...
