From eab6cf51f9a79fd76622b56db1beaecf6dc401ea Mon Sep 17 00:00:00 2001
From: Jason Woltje <jason@diversecanvas.com>
Date: Sun, 15 Mar 2026 12:03:29 -0500
Subject: [PATCH] fix(cli): add Origin header to auth requests

BetterAuth rejects requests without an Origin header with 403
MISSING_OR_NULL_ORIGIN. CLI fetch calls now send Origin: gatewayUrl.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 packages/cli/src/auth.ts | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/packages/cli/src/auth.ts b/packages/cli/src/auth.ts
index 5279502..e9fe792 100644
--- a/packages/cli/src/auth.ts
+++ b/packages/cli/src/auth.ts
@@ -29,7 +29,7 @@ export async function signIn(
 ): Promise<AuthResult> {
   const res = await fetch(`${gatewayUrl}/api/auth/sign-in/email`, {
     method: 'POST',
-    headers: { 'Content-Type': 'application/json' },
+    headers: { 'Content-Type': 'application/json', Origin: gatewayUrl },
     body: JSON.stringify({ email, password }),
     redirect: 'manual',
   });
@@ -106,7 +106,7 @@ export function loadSession(gatewayUrl: string): AuthResult | null {
 export async function validateSession(gatewayUrl: string, cookie: string): Promise<boolean> {
   try {
     const res = await fetch(`${gatewayUrl}/api/auth/get-session`, {
-      headers: { Cookie: cookie },
+      headers: { Cookie: cookie, Origin: gatewayUrl },
     });
     return res.ok;
   } catch {
-- 
2.49.1