trustHost: true results in Error: AUTH_NO_ORIGIN #1066

@ztefn

Environment

  • Operating System: Linux
  • Node Version: v22.21.0
  • Nuxt Version: 3.14.1592
  • CLI Version: 3.15.0
  • Nitro Version: 2.12.9
  • Package Manager: [email protected]
  • Builder: -
  • User Config: -
  • Runtime Modules: -
  • Build Modules: -

Reproduction

Set useHost to true and don't set any static AUTH_ORIGIN env or baseUrl and run in production mode (nuxt run build + nuxt run preview).

https://stackblitz.com/edit/github-uesjxvkv?file=nuxt.config.ts

Describe the bug

We have a multi-tenant project where each subdomain serves a different tenant. Therefore, we have trustHost set to true in order to support multiple (sub)domains from the same running docker container. This works in nuxt-auth 0.9.4. However, this doesn't work anymore in any later version (0.10.0 - 1.1.0).

The cause seems to be that the call to getServerBaseUrl() from assertOrigin.ts doesn't pass along any event parameter:

```ts
getServerBaseUrl(runtimeConfig, false, trustHostUserPreference, isProduction)
```

So when the code reaches "Prio 3: Try to infer the origin if we're not in production or if user trusts host", it won't do anything because event is missing, and then it throws ERROR_MESSAGES.NO_ORIGIN.

```ts
/**
 * Get the full base URL including Origin and pathname
 *
 * @param runtimeConfig Nuxt Runtime Config
 * @param includePath Whether function should output just Origin or the full URL
 * @param trustHostUserPreference Whether the host can be trusted. If `true`, base will be inferred from the request, otherwise the configured origin will be used.
 * @param isProduction Whether app is running in production mode. In non-production mode function will try to infer the result from the passed event.
 * @param event The H3 Event for inferring the result (optional)
 * @throws {Error} When the calculated result did not include a valid Origin, e.g. it will throw for the result of `/api/auth`, but will succeed for `https://example.com/api/auth`
 */
export function getServerBaseUrl(
  runtimeConfig: RuntimeConfig,
  includePath: boolean,
  trustHostUserPreference: boolean,
  isProduction: boolean,
  event?: H3Event,
): string {
  // Prio 1: Environment variable
  // Prio 2: Static configuration
  // Resolve the value from runtime config/env.
  // If the returned value has protocol and host, it is considered valid.
  const baseURL = resolveApiBaseURL(runtimeConfig, false)
  const parsed = parseURL(baseURL)
  if (parsed.protocol && parsed.host) {
    const base = `${parsed.protocol}//${parsed.host}`
    return includePath
      ? `${base}${parsed.pathname}${parsed.search || ''}${parsed.hash || ''}`
      : base
  }

  // Prio 3: Try to infer the origin if we're not in production or if user trusts host
  if (event && (!isProduction || trustHostUserPreference)) {
    const requestUrl = getRequestURL(event, {
      xForwardedHost: trustHostUserPreference,
      xForwardedProto: trustHostUserPreference || undefined
    })

    if (!includePath) {
      return requestUrl.origin
    }

    // When path is needed, use the preconfigured base path instead of parsing request's pathname
    const basePath = withLeadingSlash(parsed.pathname)
    requestUrl.pathname = basePath
    return requestUrl.href
  }

  throw new Error(ERROR_MESSAGES.NO_ORIGIN)
}
```

Additional context

No response

Logs

Error: AUTH_NO_ORIGIN: No `origin` - this is an error in production, see https://sidebase.io/nuxt-auth/resources/errors. You can ignore this during development
    at getServerBaseUrl (file:///home/projects/gqaimwabzp.github/.output/server/chunks/nitro/nitro.mjs:4574:9)
    at <anonymous> (file:///home/projects/gqaimwabzp.github/.output/server/chunks/nitro/nitro.mjs:4638:21)
    at runNitroPlugins (file:///home/projects/gqaimwabzp.github/.output/server/chunks/nitro/nitro.mjs:5052:13)
    at _0x49baf9 (https://gqaimwabzpgithub-3a0c.w-corp-staticblitz.com/blitz.cf284e50.js:31:819814)
    at run (https://gqaimwabzpgithub-3a0c.w-corp-staticblitz.com/blitz.cf284e50.js:31:820546)
    at _0x39c6d6 (https://gqaimwabzpgithub-3a0c.w-corp-staticblitz.com/blitz.cf284e50.js:31:835720)
    at _evaluate (https://gqaimwabzpgithub-3a0c.w-corp-staticblitz.com/blitz.cf284e50.js:31:836069)
    at _0x30fd45 (https://gqaimwabzpgithub-3a0c.w-corp-staticblitz.com/blitz.cf284e50.js:31:835355)
    at _0x30fd45 (https://gqaimwabzpgithub-3a0c.w-corp-staticblitz.com/blitz.cf284e50.js:31:835548)
    at _0x30fd45 (https://gqaimwabzpgithub-3a0c.w-corp-staticblitz.com/blitz.cf284e50.js:31:835548)
    at _0x30fd45 (https://gqaimwabzpgithub-3a0c.w-corp-staticblitz.com/blitz.cf284e50.js:31:835548)
    at _evaluate (https://gqaimwabzpgithub-3a0c.w-corp-staticblitz.com/blitz.cf284e50.js:31:835929)
    at evaluate (https://gqaimwabzpgithub-3a0c.w-corp-staticblitz.com/blitz.cf284e50.js:31:832499)
    at run (node:internal/modules/esm/module_job:158:3371)

Node.js v20.19.1

[1:44:02 PM]  ERROR  Process exited with non-zero status (1)

    at z (node_modules/tinyexec/dist/main.js:483:3)
    at _waitForOutput (node_modules/tinyexec/dist/main.js:592:92) 



[1:44:02 PM]  ERROR  Process exited with non-zero status (1
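
An added example, not part of the original issue or of nuxt-auth's code: a simplified model of the precedence in getServerBaseUrl(), showing why a call without an event fails even with trustHost enabled, and how a per-request call can constrain the inferred origin to the expected tenant domains. `ReqLike`, `resolveOrigin`, `isAllowedHost`, `outcome`, the `UNTRUSTED_HOST` message, the `.example.com` suffix and the sample request are assumptions made for illustration.

```typescript
// Added illustration, not nuxt-auth code: a simplified model of the precedence
// in getServerBaseUrl(). All names below are hypothetical; the "http" default
// for the protocol is a simplification.
type ReqLike = { host?: string, forwardedHost?: string, forwardedProto?: string }

function isAllowedHost(hostname: string, suffix: string): boolean {
  // suffix is written with a leading dot, e.g. ".example.com"
  return hostname === suffix.slice(1) || hostname.endsWith(suffix)
}

function resolveOrigin(
  configured: string | undefined,
  trustHost: boolean,
  isProduction: boolean,
  req?: ReqLike,
  allowedSuffix?: string,
): string {
  // Prio 1/2: a configured value that parses as an absolute URL wins.
  if (configured) {
    try {
      return new URL(configured).origin
    } catch {
      // Relative value such as "/api/auth": no origin, fall through.
    }
  }
  // Prio 3: inference needs a request; without one this branch is skipped.
  if (req && (!isProduction || trustHost)) {
    const host = (trustHost && req.forwardedHost) || req.host
    const proto = (trustHost && req.forwardedProto) || 'http'
    if (host) {
      const url = new URL(`${proto}://${host}`)
      // Check the parsed hostname, not the raw header string.
      if (allowedSuffix && !isAllowedHost(url.hostname, allowedSuffix)) {
        throw new Error('UNTRUSTED_HOST')
      }
      return url.origin
    }
  }
  throw new Error('AUTH_NO_ORIGIN')
}

function outcome(fn: () => string): string {
  try { return fn() } catch (e) { return e instanceof Error ? e.message : String(e) }
}

// Constructed sample request, as a reverse proxy in front of the container might forward it.
const sample: ReqLike = { host: '10.0.0.5:3000', forwardedHost: 'tenant-a.example.com', forwardedProto: 'https' }
const withoutEvent = outcome(() => resolveOrigin(undefined, true, true))
const withEvent = outcome(() => resolveOrigin(undefined, true, true, sample, '.example.com'))
const foreignHost = outcome(() => resolveOrigin(undefined, true, true, { ...sample, forwardedHost: 'tenant-a.example.net' }, '.example.com'))
```

With trustHost enabled the origin comes from request headers, so the suffix check is what keeps the inferred value inside the tenant domains the deployment actually serves.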
