Fix (bearer): 'set-auth-token' header not exposed with CORS (#917) (#1169)

2026-06-08 15:26:56 -05:00 · 2025-01-29 12:28:57 +01:00
parent 66bffe35cf
commit b17c71be39
1 changed files with 1 additions and 0 deletions
--- a/packages/better-auth/src/plugins/bearer/index.ts
+++ b/packages/better-auth/src/plugins/bearer/index.ts
@@ -105,6 +105,7 @@ export const bearer = (options?: BearerOptions) => {
 						}
 						const token = sessionCookie.value;
 						ctx.responseHeader.set("set-auth-token", token);
+						ctx.responseHeader.set("Access-Control-Expose-Headers", "set-auth-token" );
 						return {
 							responseHeader: ctx.responseHeader,
 						};