github-starred/better-auth
2
0
Fork 0
mirror of https://github.com/better-auth/better-auth.git synced 2026-05-22 14:21:55 -05:00
Code Issues 2.5k Packages Projects Releases 112 Wiki Activity

[GH-ISSUE #6195] [Regression]: 1.40.0 no longer accepts application/x-www-form-urlencoded requests #27762

New Issue
Closed
opened 2026-04-17 18:57:25 -05:00 by GiteaMirror · 8 comments
GiteaMirror commented 2026-04-17 18:57:25 -05:00
Owner
Copy Link

Originally created by @notaphplover on GitHub (Nov 22, 2025).
Original GitHub issue: https://github.com/better-auth/better-auth/issues/6195

Is this suited for github?

  • Yes, this is suited for github

To Reproduce

  1. Install better-auth@1.40.0.
  2. Start a backend with the given config:
const betterAuthInstance = betterAuth({
      database: new BetterSqlite3('./temp/better-auth.db'),
      emailAndPassword: {
        enabled: true,
      },
    });
  1. Perform a fetch request with content type application/x-www-form-urlencoded
    const signUpFormUrlEncodedResponse = await fetch(
          `http://${server.host}:${server.port.toString()}/api/auth/sign-up/email`,
          {
            body: new URLSearchParams({
              email: 'mail@sample.com',
              name: 'username',
              password: 'P4ssw0rd!',
            }),
            headers: {
              'Content-Type': 'application/x-www-form-urlencoded',
            },
            method: 'POST',
          },
        );

Current vs. Expected behavior

I expect to receive a 200 HTTP status code in the response, but I receive a 415 (Unsupported Media Type) one

What version of Better Auth are you using?

1.4.0

System info

{
  "system": {
    "platform": "linux",
    "arch": "x64",
    "version": "#35~24.04.1-Ubuntu SMP PREEMPT_DYNAMIC Tue Oct 14 13:55:17 UTC 2",
    "release": "6.14.0-35-generic",
    "cpuCount": 16,
    "cpuModel": "AMD Ryzen 9 4900HS with Radeon Graphics",
    "totalMemory": "38.60 GB",
    "freeMemory": "32.92 GB"
  },
  "node": {
    "version": "v24.11.1",
    "env": "development"
  },
  "packageManager": {
    "name": "pnpm",
    "version": "10.23.0"
  },
  "frameworks": [
    {
      "name": "fastify",
      "version": "5.6.2"
    },
    {
      "name": "hono",
      "version": "4.10.6"
    }
  ],
  "databases": [
    {
      "name": "better-sqlite3",
      "version": "^12.4.6"
    }
  ],
  "betterAuth": {
    "version": "^1.4.0",
    "config": null
  }
}

Which area(s) are affected? (Select all that apply)

Backend

Auth config (if applicable)

export const auth = betterAuth({
      database: new BetterSqlite3('./temp/better-auth.db'),
      emailAndPassword: {
        enabled: true,
      },
    });

Additional context

No response

Originally created by @notaphplover on GitHub (Nov 22, 2025). Original GitHub issue: https://github.com/better-auth/better-auth/issues/6195 ### Is this suited for github? - [x] Yes, this is suited for github ### To Reproduce 1. Install `better-auth@1.40.0`. 2. Start a backend with the given config: ```ts const betterAuthInstance = betterAuth({ database: new BetterSqlite3('./temp/better-auth.db'), emailAndPassword: { enabled: true, }, }); ``` 3. Perform a fetch request with content type `application/x-www-form-urlencoded` ```ts const signUpFormUrlEncodedResponse = await fetch( `http://${server.host}:${server.port.toString()}/api/auth/sign-up/email`, { body: new URLSearchParams({ email: 'mail@sample.com', name: 'username', password: 'P4ssw0rd!', }), headers: { 'Content-Type': 'application/x-www-form-urlencoded', }, method: 'POST', }, ); ``` ### Current vs. Expected behavior I expect to receive a 200 HTTP status code in the response, but I receive a 415 (Unsupported Media Type) one ### What version of Better Auth are you using? 1.4.0 ### System info ```bash { "system": { "platform": "linux", "arch": "x64", "version": "#35~24.04.1-Ubuntu SMP PREEMPT_DYNAMIC Tue Oct 14 13:55:17 UTC 2", "release": "6.14.0-35-generic", "cpuCount": 16, "cpuModel": "AMD Ryzen 9 4900HS with Radeon Graphics", "totalMemory": "38.60 GB", "freeMemory": "32.92 GB" }, "node": { "version": "v24.11.1", "env": "development" }, "packageManager": { "name": "pnpm", "version": "10.23.0" }, "frameworks": [ { "name": "fastify", "version": "5.6.2" }, { "name": "hono", "version": "4.10.6" } ], "databases": [ { "name": "better-sqlite3", "version": "^12.4.6" } ], "betterAuth": { "version": "^1.4.0", "config": null } } ``` ### Which area(s) are affected? (Select all that apply) Backend ### Auth config (if applicable) ```typescript export const auth = betterAuth({ database: new BetterSqlite3('./temp/better-auth.db'), emailAndPassword: { enabled: true, }, }); ``` ### Additional context _No response_
GiteaMirror added the lockedbug labels 2026-04-17 18:57:25 -05:00
GiteaMirror commented 2026-04-17 18:57:27 -05:00
Author
Owner
Copy Link

@better-auth-agent[bot] commented on GitHub (Nov 22, 2025):

Hello, thanks for raising this issue! It appears that in version 1.4.0 the endpoint for email sign-ups is now returning a 415 error when using application/x-www-form-urlencoded. This seems to be a regression affecting our payload parsing for that request type. In the meantime, a good troubleshooting step is to try sending your request as application/json to verify that your other configurations are correct. Could you share if this behavior is consistent across other endpoints or only on the sign-up route? If you have any additional logs or details, that would be very helpful. Tag @better-auth-agent if you would like an answer from the Agent. What additional details can you provide that might help us reproduce the issue?

DiagramDiscordGitHub

Diagram Join Star

<!-- gh-comment-id:3566592641 --> @better-auth-agent[bot] commented on GitHub (Nov 22, 2025): Hello, thanks for raising this issue! It appears that in version 1.4.0 the endpoint for email sign-ups is now returning a 415 error when using application/x-www-form-urlencoded. This seems to be a regression affecting our payload parsing for that request type. In the meantime, a good troubleshooting step is to try sending your request as application/json to verify that your other configurations are correct. Could you share if this behavior is consistent across other endpoints or only on the sign-up route? If you have any additional logs or details, that would be very helpful. Tag @better-auth-agent if you would like an answer from the Agent. What additional details can you provide that might help us reproduce the issue? <!-- bot:webhook reply v1 --> [Diagram](https://repodiagrams.s3.eu-north-1.amazonaws.com/better-auth_ultra_detailed_interactive.html) • [Discord](https://discord.gg/better-auth) • [GitHub](https://github.com/better-auth/better-auth) [![Diagram](https://img.shields.io/badge/Diagram-2b3137?style=flat-square)](https://repodiagrams.s3.eu-north-1.amazonaws.com/better-auth_ultra_detailed_interactive.html) [![Join](https://img.shields.io/badge/join-5865F2?logo=discord&logoColor=white&style=flat-square)](https://discord.gg/better-auth) [![Star](https://img.shields.io/badge/star-181717?logo=github&logoColor=white&style=flat-square)](https://github.com/better-auth/better-auth)
GiteaMirror commented 2026-04-17 18:57:27 -05:00
Author
Owner
Copy Link

@dosubot[bot] commented on GitHub (Nov 22, 2025):

This is a confirmed regression in Better Auth v1.40.0: the sign-up endpoint for email/password now only accepts requests with Content-Type: application/json. Requests with application/x-www-form-urlencoded will return a 415 Unsupported Media Type error because the API router explicitly restricts accepted media types to JSON only, and the endpoint does not parse or document support for form-encoded bodies (sourcesource).

Only OAuth2-related endpoints (like /token, /introspect, /revoke) are expected to accept application/x-www-form-urlencoded (source). For sign-up, you must send a JSON-encoded body with the appropriate headers.

Workaround: Change your request to use Content-Type: application/json and send the body as a JSON string, for example:

fetch('/api/auth/sign-up/email', {
  method: 'POST',
  headers: { 'Content-Type': 'application/json' },
  body: JSON.stringify({
    email: 'mail@sample.com',
    name: 'username',
    password: 'P4ssw0rd!',
  }),
});

There is currently no configuration option to re-enable support for application/x-www-form-urlencoded for this endpoint. If you need this feature, you may want to track this as a regression or request support in future releases.

To reply, just mention @dosu.

How did I do? Good | Irrelevant | Incorrect | Verbose | Hallucination | Report 🐛 | Other

Chat with Dosu Open in Cursor Join Discord Share on X

<!-- gh-comment-id:3566601913 --> @dosubot[bot] commented on GitHub (Nov 22, 2025): <!-- Answer --> This is a confirmed regression in Better Auth v1.40.0: the sign-up endpoint for email/password now only accepts requests with `Content-Type: application/json`. Requests with `application/x-www-form-urlencoded` will return a 415 Unsupported Media Type error because the API router explicitly restricts accepted media types to JSON only, and the endpoint does not parse or document support for form-encoded bodies ([source](https://github.com/better-auth/better-auth/blob/44308bf20d431bd943a92a2ed4204a6b7d5a4182/packages/better-auth/src/api/index.ts#L205-L293), [source](https://github.com/better-auth/better-auth/blob/44308bf20d431bd943a92a2ed4204a6b7d5a4182/packages/better-auth/src/api/routes/sign-up.ts#L13-L353)). Only OAuth2-related endpoints (like `/token`, `/introspect`, `/revoke`) are expected to accept `application/x-www-form-urlencoded` ([source](https://github.com/better-auth/better-auth/pull/6111)). For sign-up, you must send a JSON-encoded body with the appropriate headers. **Workaround:** Change your request to use `Content-Type: application/json` and send the body as a JSON string, for example: ```js fetch('/api/auth/sign-up/email', { method: 'POST', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify({ email: 'mail@sample.com', name: 'username', password: 'P4ssw0rd!', }), }); ``` There is currently no configuration option to re-enable support for `application/x-www-form-urlencoded` for this endpoint. If you need this feature, you may want to track this as a regression or request support in future releases. <!-- Dosu Comment Footer --> *To reply, just mention [@dosu](https://go.dosu.dev/dosubot).* --- <sup>How did I do? [Good](https://app.dosu.dev/response-feedback/e46ca2f2-f046-4686-b76d-370bbe8f4f7b?feedback_type=great_response) | [Irrelevant](https://app.dosu.dev/response-feedback/e46ca2f2-f046-4686-b76d-370bbe8f4f7b?feedback_type=irrelevant_answer) | [Incorrect](https://app.dosu.dev/response-feedback/e46ca2f2-f046-4686-b76d-370bbe8f4f7b?feedback_type=incorrect_sources) | [Verbose](https://app.dosu.dev/response-feedback/e46ca2f2-f046-4686-b76d-370bbe8f4f7b?feedback_type=too_verbose) | [Hallucination](https://app.dosu.dev/response-feedback/e46ca2f2-f046-4686-b76d-370bbe8f4f7b?feedback_type=hallucination) | [Report 🐛](https://app.dosu.dev/response-feedback/e46ca2f2-f046-4686-b76d-370bbe8f4f7b?feedback_type=bug_report) | [Other](https://app.dosu.dev/response-feedback/e46ca2f2-f046-4686-b76d-370bbe8f4f7b?feedback_type=other)</sup> [![Chat with Dosu](https://dosu.dev/dosu-chat-badge.svg)](https://app.dosu.dev/cdda13d9-dd27-4d31-b09a-5d8bec92de21/ask?utm_source=github)&nbsp;[![Open in Cursor](https://dosu.dev/dosu-in-cursor.svg)](https://cursor.com/link/prompt?text=This%20is%20a%20confirmed%20regression%20in%20Better%20Auth%20v1.40.0%3A%20the%20sign-up%20endpoint%20for%20email/password%20now%20only%20accepts%20requests%20with%20%60Content-Type%3A%20application/json%60.%20Requests%20with%20%60application/x-www-form-urlencoded%60%20will%20return%20a%20415%20Unsupported%20Media%20Type%20error%20because%20the%20API%20router%20explicitly%20restricts%20accepted%20media%20types%20to%20JSON%20only%2C%20and%20the%20endpoint%20does%20not%20parse%20or%20document%20support%20for%20form-encoded%20bodies%C2%A0%28%5Bsource%5D%28https%3A//github.com/better-auth/better-auth/blob/44308bf20d431bd943a92a2ed4204a6b7d5a4182/packages/better-auth/src/api/index.ts%23L205-L293%29%2C%C2%A0%5Bsource%5D%28https%3A//github.com/better-auth/better-auth/blob/44308bf20d431bd943a92a2ed4204a6b7d5a4182/packages/better-auth/src/api/routes/sign-up.ts%23L13-L353%29%29.%0A%0AOnly%20OAuth2-related%20endpoints%20%28like%20%60/token%60%2C%20%60/introspect%60%2C%20%60/revoke%60%29%20are%20expected%20to%20accept%20%60application/x-www-form-urlencoded%60%C2%A0%28%5Bsource%5D%28https%3A//github.com/better-auth/better-auth/pull/6111%29%29.%20For%20sign-up%2C%20you%20must%20send%20a%20JSON-encoded%20body%20with%20the%20appropriate%20headers.%0A%0A%2A%2AWorkaround%3A%2A%2A%20Change%20your%20request%20to%20use%20%60Content-Type%3A%20application/json%60%20and%20send%20the%20body%20as%20a%20JSON%20string%2C%20for%20example%3A%0A%0A%60%60%60js%0Afetch%28%27/api/auth/sign-up/email%27%2C%20%7B%0A%20%20method%3A%20%27POST%27%2C%0A%20%20headers%3A%20%7B%20%27Content-Type%27%3A%20%27application/json%27%20%7D%2C%0A%20%20body%3A%20JSON.stringify%28%7B%0A%20%20%20%20email%3A%20%27mail%40sample.com%27%2C%0A%20%20%20%20name%3A%20%27username%27%2C%0A%20%20%20%20password%3A%20%27P4ssw0rd%21%27%2C%0A%20%20%7D%29%2C%0A%7D%29%3B%0A%60%60%60%0A%0AThere%20is%20currently%20no%20configuration%20option%20to%20re-enable%20support%20for%20%60application/x-www-form-urlencoded%60%20for%20this%20endpoint.%20If%20you%20need%20this%20feature%2C%20you%20may%20want%20to%20track%20this%20as%20a%20regression%20or%20request%20support%20in%20future%20releases.)&nbsp;[![Join Discord](https://img.shields.io/badge/join-5865F2?logo=discord&logoColor=white&label=)](https://go.dosu.dev/discord-bot)&nbsp;[![Share on X](https://img.shields.io/badge/X-share-black)](https://twitter.com/intent/tweet?text=%40dosu_ai%20helped%20me%20solve%20this%20issue!&url=https%3A//github.com/better-auth/better-auth/issues/6195)
GiteaMirror commented 2026-04-17 18:57:28 -05:00
Author
Owner
Copy Link

@notaphplover commented on GitHub (Nov 22, 2025):

Hey, agent,

Yes, I'm aware I can send json requests, just reporting the issue. I realiced about this for the sign up endpoint after my CI reported, logs are available at https://github.com/inversify/monorepo/actions/runs/19594597322/job/56117603039?pr=1319

<!-- gh-comment-id:3566602173 --> @notaphplover commented on GitHub (Nov 22, 2025): Hey, agent, Yes, I'm aware I can send json requests, just reporting the issue. I realiced about this for the sign up endpoint after my CI reported, logs are available at `https://github.com/inversify/monorepo/actions/runs/19594597322/job/56117603039?pr=1319`
GiteaMirror commented 2026-04-17 18:57:29 -05:00
Author
Owner
Copy Link

@notaphplover commented on GitHub (Nov 22, 2025):

Hey dosubot,

Only OAuth2-related endpoints (like /token, /introspect, /revoke) are expected to accept application/x-www-form-urlencoded (https://github.com/better-auth/better-auth/pull/6111). For sign-up, you must send a JSON-encoded body with the appropriate headers.

The source you provided is a PR that updates the proxy to return url encoded bodies if the request sends application/x-www-form-urlencoded body. It is not related to this issue. Can you elaborate on what you just said? Maybe I'm missing something

<!-- gh-comment-id:3566616649 --> @notaphplover commented on GitHub (Nov 22, 2025): Hey dosubot, > Only OAuth2-related endpoints (like /token, /introspect, /revoke) are expected to accept application/x-www-form-urlencoded (https://github.com/better-auth/better-auth/pull/6111). For sign-up, you must send a JSON-encoded body with the appropriate headers. The source you provided is a PR that updates the proxy to return url encoded bodies if the request sends `application/x-www-form-urlencoded` body. It is not related to this issue. Can you elaborate on what you just said? Maybe I'm missing something
GiteaMirror commented 2026-04-17 18:57:30 -05:00
Author
Owner
Copy Link

@dosubot[bot] commented on GitHub (Nov 22, 2025):

You're right—PR #6111 only fixes how the proxy/client serializes request bodies as application/x-www-form-urlencoded for endpoints that require it (like OAuth2 /token), but it does not change which backend endpoints actually accept that content type. The sign-up endpoint only accepts application/json, as enforced by the API router's allowedMediaTypes and the endpoint's OpenAPI docs—there's no backend logic to parse or accept form-encoded bodies for sign-up, so requests with application/x-www-form-urlencoded get a 415 error regardless of how the client serializes them reference reference.

Recent PRs show that application/x-www-form-urlencoded support is being added only to specific SSO/OAuth endpoints where required, not to general endpoints like sign-up reference. So, PR #6111 is not related to the sign-up regression—it's just about making sure the proxy sends the right format when the backend expects it, which is not the case for sign-up.

To reply, just mention @dosu.

How did I do? Good | Irrelevant | Incorrect | Verbose | Hallucination | Report 🐛 | Other

Chat with Dosu Open in Cursor Join Discord Share on X

<!-- gh-comment-id:3566623839 --> @dosubot[bot] commented on GitHub (Nov 22, 2025): <!-- Answer --> You're right—PR #6111 only fixes how the proxy/client serializes request bodies as application/x-www-form-urlencoded for endpoints that require it (like OAuth2 /token), but it does not change which backend endpoints actually accept that content type. The sign-up endpoint only accepts application/json, as enforced by the API router's allowedMediaTypes and the endpoint's OpenAPI docs—there's no backend logic to parse or accept form-encoded bodies for sign-up, so requests with application/x-www-form-urlencoded get a 415 error regardless of how the client serializes them [reference](https://github.com/better-auth/better-auth/blob/44308bf20d431bd943a92a2ed4204a6b7d5a4182/packages/better-auth/src/api/index.ts#L205-L293) [reference](https://github.com/better-auth/better-auth/blob/44308bf20d431bd943a92a2ed4204a6b7d5a4182/packages/better-auth/src/api/routes/sign-up.ts#L13-L353). Recent PRs show that application/x-www-form-urlencoded support is being added only to specific SSO/OAuth endpoints where required, not to general endpoints like sign-up [reference](https://github.com/better-auth/better-auth/pull/6123). So, PR #6111 is not related to the sign-up regression—it's just about making sure the proxy sends the right format when the backend expects it, which is not the case for sign-up. <!-- Dosu Comment Footer --> *To reply, just mention [@dosu](https://go.dosu.dev/dosubot).* --- <sup>How did I do? [Good](https://app.dosu.dev/response-feedback/43b7f25c-6e51-4aea-8ed1-d8d0a3828052?feedback_type=great_response) | [Irrelevant](https://app.dosu.dev/response-feedback/43b7f25c-6e51-4aea-8ed1-d8d0a3828052?feedback_type=irrelevant_answer) | [Incorrect](https://app.dosu.dev/response-feedback/43b7f25c-6e51-4aea-8ed1-d8d0a3828052?feedback_type=incorrect_sources) | [Verbose](https://app.dosu.dev/response-feedback/43b7f25c-6e51-4aea-8ed1-d8d0a3828052?feedback_type=too_verbose) | [Hallucination](https://app.dosu.dev/response-feedback/43b7f25c-6e51-4aea-8ed1-d8d0a3828052?feedback_type=hallucination) | [Report 🐛](https://app.dosu.dev/response-feedback/43b7f25c-6e51-4aea-8ed1-d8d0a3828052?feedback_type=bug_report) | [Other](https://app.dosu.dev/response-feedback/43b7f25c-6e51-4aea-8ed1-d8d0a3828052?feedback_type=other)</sup> [![Chat with Dosu](https://dosu.dev/dosu-chat-badge.svg)](https://app.dosu.dev/cdda13d9-dd27-4d31-b09a-5d8bec92de21/ask?utm_source=github)&nbsp;[![Open in Cursor](https://dosu.dev/dosu-in-cursor.svg)](https://cursor.com/link/prompt?text=You%27re%20right%E2%80%94PR%20%236111%20only%20fixes%20how%20the%20proxy/client%20serializes%20request%20bodies%20as%20application/x-www-form-urlencoded%20for%20endpoints%20that%20require%20it%20%28like%20OAuth2%20/token%29%2C%20but%20it%20does%20not%20change%20which%20backend%20endpoints%20actually%20accept%20that%20content%20type.%20The%20sign-up%20endpoint%20only%20accepts%20application/json%2C%20as%20enforced%20by%20the%20API%20router%27s%20allowedMediaTypes%20and%20the%20endpoint%27s%20OpenAPI%20docs%E2%80%94there%27s%20no%20backend%20logic%20to%20parse%20or%20accept%20form-encoded%20bodies%20for%20sign-up%2C%20so%20requests%20with%20application/x-www-form-urlencoded%20get%20a%20415%20error%20regardless%20of%20how%20the%20client%20serializes%20them%C2%A0%5Breference%5D%28https%3A//github.com/better-auth/better-auth/blob/44308bf20d431bd943a92a2ed4204a6b7d5a4182/packages/better-auth/src/api/index.ts%23L205-L293%29%C2%A0%5Breference%5D%28https%3A//github.com/better-auth/better-auth/blob/44308bf20d431bd943a92a2ed4204a6b7d5a4182/packages/better-auth/src/api/routes/sign-up.ts%23L13-L353%29.%0A%0ARecent%20PRs%20show%20that%20application/x-www-form-urlencoded%20support%20is%20being%20added%20only%20to%20specific%20SSO/OAuth%20endpoints%20where%20required%2C%20not%20to%20general%20endpoints%20like%20sign-up%C2%A0%5Breference%5D%28https%3A//github.com/better-auth/better-auth/pull/6123%29.%20So%2C%20PR%20%236111%20is%20not%20related%20to%20the%20sign-up%20regression%E2%80%94it%27s%20just%20about%20making%20sure%20the%20proxy%20sends%20the%20right%20format%20when%20the%20backend%20expects%20it%2C%20which%20is%20not%20the%20case%20for%20sign-up.)&nbsp;[![Join Discord](https://img.shields.io/badge/join-5865F2?logo=discord&logoColor=white&label=)](https://go.dosu.dev/discord-bot)&nbsp;[![Share on X](https://img.shields.io/badge/X-share-black)](https://twitter.com/intent/tweet?text=%40dosu_ai%20helped%20me%20solve%20this%20issue!&url=https%3A//github.com/better-auth/better-auth/issues/6195)
GiteaMirror commented 2026-04-17 18:57:30 -05:00
Author
Owner
Copy Link

@notaphplover commented on GitHub (Nov 22, 2025):

Hey @dosu, all right, then I guess you're just confirming the regression, right? Since better-auth@1.3.34 allowed url encoded bodies, confirming better-auth@1.4.0 does not support them anymore leads to the conclussion this issue is a regression

<!-- gh-comment-id:3566639692 --> @notaphplover commented on GitHub (Nov 22, 2025): Hey @dosu, all right, then I guess you're just confirming the regression, right? Since `better-auth@1.3.34` allowed url encoded bodies, confirming `better-auth@1.4.0` does not support them anymore leads to the conclussion this issue is a regression
GiteaMirror commented 2026-04-17 18:57:31 -05:00
Author
Owner
Copy Link

@dosubot[bot] commented on GitHub (Nov 22, 2025):

Yes, that's correct—this is a regression. In better-auth@1.3.34, the sign-up endpoint accepted application/x-www-form-urlencoded bodies, but in better-auth@1.4.0, it only accepts application/json. There's no documentation or PR indicating this was an intentional breaking change, so it qualifies as a regression. Only OAuth2-related endpoints are expected to accept form-encoded bodies in current versions; sign-up now requires JSON.

To reply, just mention @dosu.

How did I do? Good | Irrelevant | Incorrect | Verbose | Hallucination | Report 🐛 | Other

Chat with Dosu Open in Cursor Join Discord Share on X

<!-- gh-comment-id:3566640293 --> @dosubot[bot] commented on GitHub (Nov 22, 2025): <!-- Answer --> Yes, that's correct—this is a regression. In better-auth@1.3.34, the sign-up endpoint accepted application/x-www-form-urlencoded bodies, but in better-auth@1.4.0, it only accepts application/json. There's no documentation or PR indicating this was an intentional breaking change, so it qualifies as a regression. Only OAuth2-related endpoints are expected to accept form-encoded bodies in current versions; sign-up now requires JSON. <!-- Dosu Comment Footer --> *To reply, just mention [@dosu](https://go.dosu.dev/dosubot).* --- <sup>How did I do? [Good](https://app.dosu.dev/response-feedback/12567788-730d-476f-815a-71064ae0413e?feedback_type=great_response) | [Irrelevant](https://app.dosu.dev/response-feedback/12567788-730d-476f-815a-71064ae0413e?feedback_type=irrelevant_answer) | [Incorrect](https://app.dosu.dev/response-feedback/12567788-730d-476f-815a-71064ae0413e?feedback_type=incorrect_sources) | [Verbose](https://app.dosu.dev/response-feedback/12567788-730d-476f-815a-71064ae0413e?feedback_type=too_verbose) | [Hallucination](https://app.dosu.dev/response-feedback/12567788-730d-476f-815a-71064ae0413e?feedback_type=hallucination) | [Report 🐛](https://app.dosu.dev/response-feedback/12567788-730d-476f-815a-71064ae0413e?feedback_type=bug_report) | [Other](https://app.dosu.dev/response-feedback/12567788-730d-476f-815a-71064ae0413e?feedback_type=other)</sup> [![Chat with Dosu](https://dosu.dev/dosu-chat-badge.svg)](https://app.dosu.dev/cdda13d9-dd27-4d31-b09a-5d8bec92de21/ask?utm_source=github)&nbsp;[![Open in Cursor](https://dosu.dev/dosu-in-cursor.svg)](https://cursor.com/link/prompt?text=Yes%2C%20that%27s%20correct%E2%80%94this%20is%20a%20regression.%20In%20better-auth%401.3.34%2C%20the%20sign-up%20endpoint%20accepted%20application/x-www-form-urlencoded%20bodies%2C%20but%20in%20better-auth%401.4.0%2C%20it%20only%20accepts%20application/json.%20There%27s%20no%20documentation%20or%20PR%20indicating%20this%20was%20an%20intentional%20breaking%20change%2C%20so%20it%20qualifies%20as%20a%20regression.%20Only%20OAuth2-related%20endpoints%20are%20expected%20to%20accept%20form-encoded%20bodies%20in%20current%20versions%3B%20sign-up%20now%20requires%20JSON.)&nbsp;[![Join Discord](https://img.shields.io/badge/join-5865F2?logo=discord&logoColor=white&label=)](https://go.dosu.dev/discord-bot)&nbsp;[![Share on X](https://img.shields.io/badge/X-share-black)](https://twitter.com/intent/tweet?text=%40dosu_ai%20helped%20me%20solve%20this%20issue!&url=https%3A//github.com/better-auth/better-auth/issues/6195)
GiteaMirror commented 2026-04-17 18:57:32 -05:00
Author
Owner
Copy Link

@Bekacru commented on GitHub (Nov 22, 2025):

Hey, I’ll check if we already added this to the release notes, but we no longer support URL-encoded bodies by default. We only accept JSON unless a specific endpoint explicitly opts into allowing URL-encoded bodies.

<!-- gh-comment-id:3566833063 --> @Bekacru commented on GitHub (Nov 22, 2025): Hey, I’ll check if we already added this to the release notes, but we no longer support URL-encoded bodies by default. We only accept JSON unless a specific endpoint explicitly opts into allowing URL-encoded bodies.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
adapter
astro
awaiting external contributor
blocked
breaking
breaking change
bug
c-devops
core
credentials
database
dependencies
devops
devtools
docs
documentation
duplicate
elysia
enhancement
enterprise
expo
express
fastify
good first issue
help wanted
hono
identity
infra
integration
invalid
javascript
locked
maintenance
need-more-information
needs: info
needs: repro
nextjs
nuxt
oauth
organization
P0
payments
perf
platform
plugin
pull-request
Mirrored from GitHub Pull Request
 question
ready
regression
remix
security
social-provider
solid
stale
svelte
tanstack-start
tracking
version-bump
vue
wontfix
No Label bug locked
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/better-auth#27762
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?