oAuthProxy broke in 1.2.9
I think this PR broke our oauth proxy for our local dev environments. Basically I'm seeing that on this line ctx.request.url is a http://localhost:3000 url, even though we run everything behind a dev domain on https. Should it not use the URL from oAuthProxy({ currentURL: https://my-local-https-domain.dev })?
GitHub
fix: oauth proxy between http and https by juliusmarminge · Pull R...
Shows a POC of an issue with the oauth proxy. We're setting secure headers, even if the proxied url is a localhost without ssl:
This is hacky, probably a much nicer solution exists and thu...
GitHub
better-auth/packages/better-auth/src/plugins/oauth-proxy/index.ts a...
The most comprehensive authentication framework for TypeScript - better-auth/better-auth
2 Replies
currentURL is the current (preview, dev etc) productionURL is the stable url
Yeah but in your PR you don't take currentURL into account when detirmining whether the request is secure or not