From 3244e388b8696ec0ac668d8d9b42e09c60048dba Mon Sep 17 00:00:00 2001
From: Maxwell <145994855+ping-maxwell@users.noreply.github.com>
Date: Fri, 23 May 2025 05:44:03 +1000
Subject: [PATCH] chore(trustedOrigin): warn if invalid value is passed (#2699)

Right now, if an invalid trusted origin is passed, it becomes very hard to debug and find the cause of a given endpoint failing.

As far as I've seen, there error can be as undescriptive as:
dev: # SERVER_ERROR:  TypeError: Cannot read properties of undefined (reading 'includes')
dev:     at Array.some (<anonymous>)
dev:  POST /api/auth/sign-up/email 500 in 915ms

This will throw an error stating that a valid trusted origins list is required.
---
 packages/better-auth/src/init.ts | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/packages/better-auth/src/init.ts b/packages/better-auth/src/init.ts
index 90b4b45cca..5cbe84e88e 100644
--- a/packages/better-auth/src/init.ts
+++ b/packages/better-auth/src/init.ts
@@ -277,5 +277,10 @@ function getTrustedOrigins(options: BetterAuthOptions) {
 	if (envTrustedOrigins) {
 		trustedOrigins.push(...envTrustedOrigins.split(","));
 	}
+	if (trustedOrigins.filter((x) => !x).length) {
+		throw new BetterAuthError(
+			"A provided trusted origin is invalid, make sure your trusted origins list is properly defined.",
+		);
+	}
 	return trustedOrigins;
 }