From bb7d504efec36f8c6394d7e0876119fb81d2f0ff Mon Sep 17 00:00:00 2001
From: KinfeMichael Tariku <65047246+Kinfe123@users.noreply.github.com>
Date: Thu, 7 Aug 2025 19:09:19 +0300
Subject: [PATCH] docs: enhance trustedOrigins option with examples (#3857)

* docs: enhance trustedOrigins option documentation

* nit
---
 docs/content/docs/reference/options.mdx | 33 ++++++++++++++++++++++++-
 1 file changed, 32 insertions(+), 1 deletion(-)

diff --git a/docs/content/docs/reference/options.mdx b/docs/content/docs/reference/options.mdx
index a371539965..98675bf99f 100644
--- a/docs/content/docs/reference/options.mdx
+++ b/docs/content/docs/reference/options.mdx
@@ -44,7 +44,11 @@ Default: `/api/auth`
 
 ## `trustedOrigins`
 
-List of trusted origins.
+List of trusted origins. You can provide a static array of origins, a function that returns origins dynamically, or use wildcard patterns to match multiple domains.
+
+### Static Origins
+
+You can provide a static array of origins:
 
 ```ts
 import { betterAuth } from "better-auth";
@@ -53,6 +57,33 @@ export const auth = betterAuth({
 })
 ```
 
+### Dynamic Origins
+
+You can provide a function that returns origins dynamically:
+
+```ts
+export const auth = betterAuth({
+	trustedOrigins: async (request: Request) => {
+		// Return an array of trusted origins based on the request
+		return ["https://dynamic-origin.com"];
+	}
+})
+```
+
+### Wildcard Support
+
+You can use wildcard patterns in trusted origins:
+
+```ts
+export const auth = betterAuth({
+	trustedOrigins: [
+		"*.example.com",             // Trust all subdomains of example.com
+		"https://*.example.com",     // Trust only HTTPS subdomains
+		"http://*.dev.example.com"   // Trust HTTP subdomains of dev.example.com
+	]
+})
+```
+
 ## `secret`
 
 The secret used for encryption, signing, and hashing.