feat(auth): introduce experimental trustedProxyHeaders option

[halvaradop]

Description

This pull request adds the experimental trustedProxyHeaders configuration option, which infers the request origin URL based on proxy-related headers such as X-Forwarded-Proto, X-Forwarded-Host, and Forwarded.

Warning

This option can be dangerous if misused. It should only be enabled when the application is deployed behind a trusted proxy, load balancer, or cloud service that correctly sets these headers. Since proxy headers can be forged by attackers, this option must only be set to true when the proxy is fully trusted.

import { createAuth } from "@aura-stack/auth"

const auth = createAuth({
  oauth: [],
  trustedProxyHeaders: true,
})

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Review	Updated (UTC)
auth	Ready	Preview, Comment	Dec 15, 2025 10:18pm