LukeParke/better-auth
1
0
Fork 0
mirror of https://github.com/LukeHagar/better-auth.git synced 2025-12-06 12:27:44 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: redirect middleware shouldn't check baseURL

Browse Source
This commit is contained in:
Bereket Engida
2024-10-26 19:49:25 +03:00
parent 16450137ad
commit 0211dfb562
3 changed files with 4 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
package.json
View File

@@ -13,7 +13,7 @@
"lint": "biome check .",
"lint:fix": "biome check . --apply",
"release": "turbo --filter \"./packages/*\" build && bumpp && pnpm -r publish --access public --no-git-checks",
"release:no-build": "bumpp && pnpm -r publish --access public --no-git-checks",
"release:no-build": "bumpp && pnpm -r publish --access public --no-git-checks --tag next",
"release:beta": "turbo --filter \"./packages/*\" build && bumpp && pnpm -r publish --access public --tag next --no-git-checks",
"test": "turbo --filter \"./packages/*\" test",
"typecheck": "turbo --filter \"./packages/*\" typecheck"

5
packages/better-auth/src/api/middlewares/redirect.ts
View File

@@ -7,15 +7,14 @@ import { logger } from "../../utils/logger";
* preventing open redirect attacks.
*/
export const redirectURLMiddleware = createAuthMiddleware(async (ctx) => {
const { body, query, headers, context } = ctx;
const { body, query, context } = ctx;
const callbackURL =
body?.callbackURL ||
query?.callbackURL ||
query?.redirectTo ||
body?.redirectTo;
const currentURL =
query?.currentURL || headers?.get("referer") || context.baseURL;
const currentURL = query?.currentURL;
const trustedOrigins = context.trustedOrigins;
const validateURL = (url: string | undefined, label: string) => {

2
packages/better-auth/src/auth.ts
View File

@@ -30,8 +30,8 @@ export const betterAuth = <O extends BetterAuthOptions>(options: O) => {
getBaseURL(undefined, basePath) || `${url.origin}${basePath}`;
ctx.options.baseURL = baseURL;
ctx.baseURL = baseURL;
ctx.trustedOrigins = [url.origin];
}
ctx.trustedOrigins = [url.origin, ...(ctx.options.trustedOrigins || [])];
if (!ctx.options.baseURL) {
return new Response("Base URL not set", { status: 400 });
}