CORS error when using Better Auth with subdomain (Next.js)
- Signin page: https://app.example.com/signin
- API endpoint: https://example.com/api/auth/sign-in/social
- Using middleware to rewrite subdomains (so app.example.com)
Configured trustedOrigins as:
trustedOrigins: [
'https://example.com',
'https://app.example.com',
'http://localhost:3000'
]
- Still getting a CORS error in the browser when calling the social sign-in endpoint.
In next.config.js I also added headers with Access-Control-Allow-Origin: * (wildcard).
Since this is a single NextJs project with subdomain rewrites, do I still need to manually add CORS headers, or should trustedOrigins handle this automatically?3 Replies
