github-starred/better-auth
2
0
Fork 0
mirror of https://github.com/better-auth/better-auth.git synced 2026-06-01 11:56:43 -05:00
Code Issues 2.5k Packages Projects Releases 112 Wiki Activity

docs: document disableOriginCheck in options.mdx (#7199)

Browse Source
This commit is contained in:
Maxwell
2026-01-08 23:42:20 +10:00
committed by GitHub
parent a9e53012df
commit 2a80e02ad4
2 changed files with 3 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
docs/content/docs/reference/options.mdx
View File

@@ -491,6 +491,7 @@ export const auth = betterAuth({
},
useSecureCookies: true,
disableCSRFCheck: false,
disableOriginCheck: false,
crossSubDomainCookies: {
enabled: true,
additionalCookies: ["custom_cookie"],
@@ -532,6 +533,7 @@ export const auth = betterAuth({
- `ipAddress`: IP address configuration for rate limiting and session tracking
- `useSecureCookies`: Use secure cookies (default: `false`)
- `disableCSRFCheck`: Disable trusted origins check (⚠️ security risk)
- `disableOriginCheck`: Disable origin check (⚠️ security risk)
- `crossSubDomainCookies`: Configure cookies to be shared across subdomains
- `cookies`: Customize cookie names and attributes
- `defaultCookieAttributes`: Default attributes for all cookies

2
packages/better-auth/src/api/middlewares/origin-check.ts
View File

@@ -165,7 +165,7 @@ async function validateOrigin(
}
if (!originHeader || originHeader === "null") {
throw new APIError("FORBIDDEN", { message: "Missing or null Origin" });
throw APIError.from("FORBIDDEN", BASE_ERROR_CODES.MISSING_OR_NULL_ORIGIN);
}
const trustedOrigins: string[] = Array.isArray(