1 reply

cross domain cookie transport issue

i have my auth server (hono) with better-auth hosted on cloudflare, i want to be able to use that hosted server in my development too instead of running the auth server locally everytime i want to run my frontend, i set the cookies to same site none and secure but what happens after successful auth is that the cookie is set in my browser but when i navigate to a different page or refresh my page the cookies disapper, here's the config im using:

export const createClient = (appName: string, baseUrl: string) =>
  betterAuth({
    emailAndPassword: {
      enabled: false,
    },
    plugins: [
      emailOTP({
        disableSignUp: false,
        sendVerificationOTP: async ({ email, otp }) => {
          console.log({ email, otp });
        },
      }),
    ],
    socialProviders: {
      notion: {
        clientId: env.NOTION_OAUTH_CLIENT_ID,
        clientSecret: env.NOTION_OAUTH_CLIENT_SECRET,
      },
      google: {
        clientId: env.GOOGLE_OAUTH_CLIENT_ID,
        clientSecret: env.GOOGLE_OAUTH_CLIENT_SECRET,
        accessType: "offline",
        prompt: "select_account+consent",
        scope: ["https://www.googleapis.com/auth/drive.readonly"],
      },
    },
    database: drizzleAdapter(db, { provider: "pg", schema }),
    baseUrl,
    appName,
    trustedOrigins: env.TRUSTED_AUTH_ORIGINS.split(","), // also changed this to ["*"], but still doesn't work
    advanced: {
      defaultCookieAttributes: {
        sameSite: "None",
        secure: true,
        partitioned: true,
      },
      database: {
        generateId: () => nanoid(),
      },
    },
  });

export const createClient = (appName: string, baseUrl: string) =>
  betterAuth({
    emailAndPassword: {
      enabled: false,
    },
    plugins: [
      emailOTP({
        disableSignUp: false,
        sendVerificationOTP: async ({ email, otp }) => {
          console.log({ email, otp });
        },
      }),
    ],
    socialProviders: {
      notion: {
        clientId: env.NOTION_OAUTH_CLIENT_ID,
        clientSecret: env.NOTION_OAUTH_CLIENT_SECRET,
      },
      google: {
        clientId: env.GOOGLE_OAUTH_CLIENT_ID,
        clientSecret: env.GOOGLE_OAUTH_CLIENT_SECRET,
        accessType: "offline",
        prompt: "select_account+consent",
        scope: ["https://www.googleapis.com/auth/drive.readonly"],
      },
    },
    database: drizzleAdapter(db, { provider: "pg", schema }),
    baseUrl,
    appName,
    trustedOrigins: env.TRUSTED_AUTH_ORIGINS.split(","), // also changed this to ["*"], but still doesn't work
    advanced: {
      defaultCookieAttributes: {
        sameSite: "None",
        secure: true,
        partitioned: true,
      },
      database: {
        generateId: () => nanoid(),
      },
    },
  });

note that the cookie here is being set for my api's domain not my localhost

export const createClient = (appName: string, baseUrl: string) =>
  betterAuth({
    emailAndPassword: {
      enabled: false,
    },
    plugins: [
      emailOTP({
        disableSignUp: false,
        sendVerificationOTP: async ({ email, otp }) => {
          console.log({ email, otp });
        },
      }),
    ],
    socialProviders: {
      notion: {
        clientId: env.NOTION_OAUTH_CLIENT_ID,
        clientSecret: env.NOTION_OAUTH_CLIENT_SECRET,
      },
      google: {
        clientId: env.GOOGLE_OAUTH_CLIENT_ID,
        clientSecret: env.GOOGLE_OAUTH_CLIENT_SECRET,
        accessType: "offline",
        prompt: "select_account+consent",
        scope: ["https://www.googleapis.com/auth/drive.readonly"],
      },
    },
    database: drizzleAdapter(db, { provider: "pg", schema }),
    baseUrl,
    appName,
    trustedOrigins: env.TRUSTED_AUTH_ORIGINS.split(","), // also changed this to ["*"], but still doesn't work
    advanced: {
      defaultCookieAttributes: {
        sameSite: "None",
        secure: true,
        partitioned: true,
      },
      database: {
        generateId: () => nanoid(),
      },
    },
  });

export const createClient = (appName: string, baseUrl: string) =>
  betterAuth({
    emailAndPassword: {
      enabled: false,
    },
    plugins: [
      emailOTP({
        disableSignUp: false,
        sendVerificationOTP: async ({ email, otp }) => {
          console.log({ email, otp });
        },
      }),
    ],
    socialProviders: {
      notion: {
        clientId: env.NOTION_OAUTH_CLIENT_ID,
        clientSecret: env.NOTION_OAUTH_CLIENT_SECRET,
      },
      google: {
        clientId: env.GOOGLE_OAUTH_CLIENT_ID,
        clientSecret: env.GOOGLE_OAUTH_CLIENT_SECRET,
        accessType: "offline",
        prompt: "select_account+consent",
        scope: ["https://www.googleapis.com/auth/drive.readonly"],
      },
    },
    database: drizzleAdapter(db, { provider: "pg", schema }),
    baseUrl,
    appName,
    trustedOrigins: env.TRUSTED_AUTH_ORIGINS.split(","), // also changed this to ["*"], but still doesn't work
    advanced: {
      defaultCookieAttributes: {
        sameSite: "None",
        secure: true,
        partitioned: true,
      },
      database: {
        generateId: () => nanoid(),
      },
    },
  });

note that the cookie here is being set for my api's domain not my localhost

cross domain cookie transport issue

Similar Threads

cross domain cookie transport issue

Similar Threads

Similar Threads

Similar Threads