Deceptive site ahead
Hi community, I have a Next.js app with NextAuth running on a VPS. Last night, I received a red screen indicating that Google had detected phishing. According to the Google Search Console, these are the URLs that are supposedly affected:
https://mydomain/api/auth/signin/
https://mydomain/api/auth/signin/google
I check the code on [...nextauth] and its normal. I have performed a clamscan of my repository on the VPS and all files are okay.
How can I fix this issue?
2 Replies
are those urls your callback urls?
in nextauth the callback urls should be /api/auth/callback/[provider]
try changing that maybe
or if they are your signin pages try moving them out of /api
No, they are not my callback urls. In pages api I have the [...nextauth].ts file and nothing more.