mosaicstack/stack
1
0
Fork 0
Code Issues 13 Pull Requests Actions Packages Projects Releases 11 Wiki Activity

fix(auth): add trustedOrigins to BetterAuth config
All checks were successful
ci/woodpecker/push/ci Pipeline was successful
Details

Browse Source 
BetterAuth rejects cross-origin requests unless the origin is in
trustedOrigins. The web dashboard at localhost:3000 was getting
"Invalid origin" errors when calling auth endpoints on localhost:4000.

Reads GATEWAY_CORS_ORIGIN env var (comma-separated), defaults to
http://localhost:3000.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Jason Woltje
2026-03-15 11:44:00 -05:00
parent 72a73c859c
commit 980f00255b
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
packages/auth/src/auth.ts
View File

@@ -39,6 +39,9 @@ export function createAuth(config: AuthConfig) {
] ]
: undefined; : undefined;
const corsOrigin = process.env['GATEWAY_CORS_ORIGIN'] ?? 'http://localhost:3000';
const trustedOrigins = corsOrigin.split(',').map((o) => o.trim());
return betterAuth({ return betterAuth({
database: drizzleAdapter(db, { database: drizzleAdapter(db, {
provider: 'pg', provider: 'pg',
@@ -47,6 +50,7 @@ export function createAuth(config: AuthConfig) {
baseURL: baseURL ?? process.env['BETTER_AUTH_URL'] ?? 'http://localhost:4000', baseURL: baseURL ?? process.env['BETTER_AUTH_URL'] ?? 'http://localhost:4000',
secret: secret ?? process.env['BETTER_AUTH_SECRET'], secret: secret ?? process.env['BETTER_AUTH_SECRET'],
basePath: '/api/auth', basePath: '/api/auth',
trustedOrigins,
emailAndPassword: { emailAndPassword: {
enabled: true, enabled: true,
}, },