fix: AUTH_TRUSTED_ORIGINS and allows vercel urls

ivan-dalmet · ivan-dalmet · commit 04dc4a5740fe · 2025-10-09T16:44:04.000+02:00
diff --git a/.env.example b/.env.example
@@ -23,7 +23,7 @@ DATABASE_URL="postgres://${DOCKER_DATABASE_USERNAME}:${DOCKER_DATABASE_PASSWORD}
 BETTER_AUTH_SECRET="REPLACE ME" # You can use `npx @better-auth/cli@latest secret` to a generated secret
 SESSION_EXPIRATION_IN_SECONDS=2592000 # 30 days
 SESSION_UPDATE_AGE_IN_SECONDS=86400 # 1 day (every 1 day the session expiration is updated)
-AUTH_TRUSTED_ORIGIN="start-ui-native://,start-ui-native://*" # Mobile app scheme for trustedOrigins config
+AUTH_TRUSTED_ORIGINS="start-ui-native://,start-ui-native://*" # Mobile app scheme for trustedOrigins config
 
 # GITHUB
 GITHUB_CLIENT_ID="REPLACE ME"
diff --git a/src/env/server.ts b/src/env/server.ts
@@ -12,7 +12,7 @@ export const envServer = createEnv({
     BETTER_AUTH_SECRET: z.string(),
     SESSION_EXPIRATION_IN_SECONDS: z.coerce.number().int().prefault(2592000), // 30 days by default
     SESSION_UPDATE_AGE_IN_SECONDS: z.coerce.number().int().prefault(86400), // 1 day by default
-    AUTH_TRUSTED_ORIGIN: z.string().optional(),
+    AUTH_TRUSTED_ORIGINS: z.string().optional(), // Trusted origins, useful for React Native
 
     GITHUB_CLIENT_ID: zOptionalWithReplaceMe(),
     GITHUB_CLIENT_SECRET: zOptionalWithReplaceMe(),
diff --git a/src/server/auth.tsx b/src/server/auth.tsx
@@ -25,10 +25,18 @@ export const auth = betterAuth({
     expiresIn: envServer.SESSION_EXPIRATION_IN_SECONDS,
     updateAge: envServer.SESSION_UPDATE_AGE_IN_SECONDS,
   },
-  // Allows an Expo native app to use social auth, can be delete if no needed
-  trustedOrigins: envServer.AUTH_TRUSTED_ORIGIN
-    ? envServer.AUTH_TRUSTED_ORIGIN.split(',')
-    : undefined,
+  trustedOrigins: [
+    // Setup custom trusted origins, useful for React Native
+    ...(envServer.AUTH_TRUSTED_ORIGINS
+      ? envServer.AUTH_TRUSTED_ORIGINS.split(',')
+      : []),
+
+    // Setup vercel urls as trusted origins
+    // eslint-disable-next-line no-process-env
+    ...(process.env.VERCEL_URL ? [process.env.VERCEL_URL] : []),
+    // eslint-disable-next-line no-process-env
+    ...(process.env.VERCEL_BRANCH_URL ? [process.env.VERCEL_BRANCH_URL] : []),
+  ],
   database: prismaAdapter(db, {
     provider: 'postgresql',
   }),
