fix(auth): add trustedOrigins to BetterAuth config
All checks were successful
ci/woodpecker/push/ci Pipeline was successful
All checks were successful
ci/woodpecker/push/ci Pipeline was successful
BetterAuth rejects cross-origin requests unless the origin is in trustedOrigins. The web dashboard at localhost:3000 was getting "Invalid origin" errors when calling auth endpoints on localhost:4000. Reads GATEWAY_CORS_ORIGIN env var (comma-separated), defaults to http://localhost:3000. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -39,6 +39,9 @@ export function createAuth(config: AuthConfig) {
|
||||
]
|
||||
: undefined;
|
||||
|
||||
const corsOrigin = process.env['GATEWAY_CORS_ORIGIN'] ?? 'http://localhost:3000';
|
||||
const trustedOrigins = corsOrigin.split(',').map((o) => o.trim());
|
||||
|
||||
return betterAuth({
|
||||
database: drizzleAdapter(db, {
|
||||
provider: 'pg',
|
||||
@@ -47,6 +50,7 @@ export function createAuth(config: AuthConfig) {
|
||||
baseURL: baseURL ?? process.env['BETTER_AUTH_URL'] ?? 'http://localhost:4000',
|
||||
secret: secret ?? process.env['BETTER_AUTH_SECRET'],
|
||||
basePath: '/api/auth',
|
||||
trustedOrigins,
|
||||
emailAndPassword: {
|
||||
enabled: true,
|
||||
},
|
||||
|
||||
Reference in New Issue
Block a user