break free of NEXTAUTH_URL using http header #4556
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
add NEXTAUTH_TRUST_X_FORWARDED_HOST to types
add TRUST_HOST_HEADER to types patch `throw string` (to throw new Error(string)
goal was to get auth working with X-Forwarded-Host instead of NEXTAUTH_URL.
Plenty of work should be done to this more "merge-able" into the public github project:
- Make a nice alternative api to NEXTAUTH_URL
- Maybe there is no "api", we just keep using X-Forwarded-Host as we are now
- Be backwards compatible
- If NEXTAUTH_URL, it should be used, to be backward compatible.
- If you don't have NEXTAUTH_TRUST_X_FORWARDED_HOST or VERCEL set,
then NEXTAUTH_URL could be defaulted to `localhost:3000` was before,
except this time we explicitly default it in one place.
|
The latest updates on your projects. Learn more about Vercel for Git 鈫楋笌 1 Ignored Deployment
|
ubbe-xyz
requested changes
May 14, 2022
|
I linked to issue #600 in the Affected Issues section |
|
@devinrhode2 So the core team is considering adding a config option to allow trusting certain headers (which will solve your issue and part of #600). We don't have a timeline for this yet (we have many fronts open); we have to be very clear about the messaging and call it an advanced option because it has serious security implications. We'll update on this in #600, for now, I suggest the best is to close this PR and we'll take it as a reference when working on the solution 馃摍 |
5 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
We need to support multiple domain names pointing to the same next.js server (multi-tenancy). Other parts of our infrastructure will pass an
X-Forwarded-Hostheader to this next.js server, which we need to use in place of the NEXTAUTH_URL.This is just a hack to get working for our use case.
I noticed the
version:prnpm script might actually publish this PR as a package, which is what I am trying to do by opening this PR. If it doesn't publish a package, then I will close and re-open later once this is ready for reviewI tried using
patch-packagebut was getting thisCan't find lockfile entry for next-autherror :/馃Б Checklist
馃帿 Affected issues
#600
馃搶 Resources