Replies: 4 comments
-
|
Any input? Seems quite useful to be able to use the next-auth react utilities when the next-auth server is hosted on a different domain to your client. |
Beta Was this translation helpful? Give feedback.
-
|
Same here, this would be a pretty easy addition. My use case is a chrome extension where the origin in |
Beta Was this translation helpful? Give feedback.
-
|
For anyone following this, I created a feature request to customize the underlying the fetch options being made client-side. This would enable the behavior described here, while keeping the current behavior as default. |
Beta Was this translation helpful? Give feedback.
-
Goals
Set "credentials: include" on fetch requests made by the getSession utility.
Non-Goals
No response
Background
In my particular case, I am hosting my "auth api" (nextauth) on a different domain than my frontend, but am unable to use getSession because it doesn't explicitly include credentials (and so the requests do not include the session cookie). This also breaks SessionProvider and useSession, which is how I ended up here.
Proposal
Either allow us to modify the fetch options from the outside (i.e. by passing props to SessionProvider or getSession), or always have "credentials: include" set for getSession requests.
Just quickly scoured for the relevant places:
next-auth/packages/next-auth/src/react/index.tsx
Line 161 in ff3a739
next-auth/packages/next-auth/src/client/_utils.ts
Line 52 in ff3a739
I can make a PR, but I don't understand the full implications (any security concerns?) of doing this change.
Beta Was this translation helpful? Give feedback.
All reactions