From 4c6f880a3fcb735caf5fcf28d2e53f3bc7af772d Mon Sep 17 00:00:00 2001
From: Dmytro Stanchiev <git@dmytros.dev>
Date: Mon, 6 Apr 2026 23:18:20 -0400
Subject: [PATCH] feat(auth): configure trustedOrigins for CSRF protection

Add trustedOrigins to better-auth config to ensure proper origin
validation behind reverse proxy.
---
 src/auth.ts | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/auth.ts b/src/auth.ts
index b7a1d73..a6df2ce 100644
--- a/src/auth.ts
+++ b/src/auth.ts
@@ -24,6 +24,7 @@ if (!process.env.AUTH_AUTHENTIK_ISSUER) {
 export const auth = betterAuth({
   secret: process.env.BETTER_AUTH_SECRET,
 	baseURL: process.env.BETTER_AUTH_URL,
+	trustedOrigins: [process.env.BETTER_AUTH_URL],
 	database: drizzleAdapter(db, {
 		provider: "pg",
 		schema,