fix: auto-add localhost to trustedOrigins in dev mode #126
Description
Problem
When NUXT_PUBLIC_SITE_URL points to production (e.g. https://foo.workers.dev), trustedOrigins only contains the production origin. Login from http://localhost:3000 fails with INVALID_ORIGIN.
Expected
In dev mode (import.meta.dev), the module should auto-add http://localhost:${port} to trustedOrigins.
Relevant code
src/runtime/server/utils/auth.ts — getBaseURL() always prioritizes explicit siteUrl, so trustedOrigins never includes localhost.
Suggested fix
When import.meta.dev, pass trustedOrigins: ['http://localhost:3000'] (or detect the actual port) to the betterAuth() config.