From b17c71be39de8cc581ac0e298b8beffcf526fc7e Mon Sep 17 00:00:00 2001
From: Jacobo Tabernero <jacoborus@gmail.com>
Date: Wed, 29 Jan 2025 12:28:57 +0100
Subject: [PATCH] Fix (bearer): 'set-auth-token' header not exposed with CORS
 (#917) (#1169)

---
 packages/better-auth/src/plugins/bearer/index.ts | 1 +
 1 file changed, 1 insertion(+)

diff --git a/packages/better-auth/src/plugins/bearer/index.ts b/packages/better-auth/src/plugins/bearer/index.ts
index d876d8716a..9638f9fa3d 100644
--- a/packages/better-auth/src/plugins/bearer/index.ts
+++ b/packages/better-auth/src/plugins/bearer/index.ts
@@ -105,6 +105,7 @@ export const bearer = (options?: BearerOptions) => {
 						}
 						const token = sessionCookie.value;
 						ctx.responseHeader.set("set-auth-token", token);
+						ctx.responseHeader.set("Access-Control-Expose-Headers", "set-auth-token" );
 						return {
 							responseHeader: ctx.responseHeader,
 						};