From 95eb2c893a1326c9b7d6ee579a33613943bcf095 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcin=20G=C4=85sienica-Makowski?= Date: Mon, 3 Nov 2025 22:28:36 +0100 Subject: [PATCH] fix: remove `host` header when proxying through Next.js catch all route handler --- src/nextjs/index.ts | 25 ++++++++++++++++++++----- 1 file changed, 20 insertions(+), 5 deletions(-) diff --git a/src/nextjs/index.ts b/src/nextjs/index.ts index 9b9e609..7fbfede 100644 --- a/src/nextjs/index.ts +++ b/src/nextjs/index.ts @@ -1,7 +1,7 @@ import { createCookieGetter } from "better-auth/cookies"; +import type { GenericDataModel } from "convex/server"; +import { type CreateAuth, getStaticAuth } from "../client"; import { JWT_COOKIE_NAME } from "../plugins/convex"; -import { CreateAuth, getStaticAuth } from "../client"; -import { GenericDataModel } from "convex/server"; export const getToken = async ( createAuth: CreateAuth @@ -44,9 +44,24 @@ const handler = (request: Request, opts?: { convexSiteUrl?: string }) => { throw new Error("NEXT_PUBLIC_CONVEX_SITE_URL is not set"); } const nextUrl = `${convexSiteUrl}${requestUrl.pathname}${requestUrl.search}`; - const newRequest = new Request(nextUrl, request); - newRequest.headers.set("accept-encoding", "application/json"); - return fetch(newRequest, { method: request.method, redirect: "manual" }); + + const headers = new Headers(request.headers); + headers.set("accept-encoding", "application/json"); + // Delete `host` header that points to Next.js application address + // Bun TLS cert validation is more strict that Node.js and it + // detects mismatch between `host` header and the target URL causing `ERR_TLS_CERT_ALTNAME_INVALID` + headers.delete("host"); + + const method = request.method; + const hasBody = request.method !== "GET" && request.method !== "HEAD"; + + const newRequest = new Request(nextUrl, { + method, + headers, + body: hasBody ? request.body : undefined, + redirect: "manual", + }); + return fetch(newRequest); }; export const nextJsHandler = (opts?: { convexSiteUrl?: string }) => ({