From b8cee4f18819d5eac35966ea6901ed7845f769b6 Mon Sep 17 00:00:00 2001
From: Bereket Engida <Bekacru@gmail.com>
Date: Thu, 17 Jul 2025 09:34:48 -0700
Subject: [PATCH] chore: remove unused file

---
 .../better-auth/src/utils/callback-url.ts     | 19 -------------------
 1 file changed, 19 deletions(-)
 delete mode 100644 packages/better-auth/src/utils/callback-url.ts

diff --git a/packages/better-auth/src/utils/callback-url.ts b/packages/better-auth/src/utils/callback-url.ts
deleted file mode 100644
index 7d6e554218..0000000000
--- a/packages/better-auth/src/utils/callback-url.ts
+++ /dev/null
@@ -1,19 +0,0 @@
-import { APIError } from "better-call";
-import type { GenericEndpointContext } from "../types";
-
-/**
- * Checks if the callbackURL is a valid URL and if it's in the trustedOrigins
- * to avoid open redirect attacks
- */
-export const checkCallbackURL = (
-	callbackURL: string,
-	ctx: GenericEndpointContext,
-) => {
-	const trustedOrigins = ctx.context.trustedOrigins;
-	const callbackOrigin = callbackURL ? new URL(callbackURL).origin : null;
-	if (callbackOrigin && !trustedOrigins.includes(callbackOrigin)) {
-		throw new APIError("FORBIDDEN", {
-			message: "Invalid callback URL",
-		});
-	}
-};