From 171149d1dd9b5e88482371bd9fc3acc63f49207e Mon Sep 17 00:00:00 2001
From: syns2191 <sutralian@gmail.com>
Date: Sun, 17 Nov 2024 23:40:00 +0700
Subject: [PATCH] fix: server web host not trusted

---
 apps/web/app/constants.ts | 2 ++
 apps/web/auth.ts          | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/apps/web/app/constants.ts b/apps/web/app/constants.ts
index db8321a56..e2a2e0564 100644
--- a/apps/web/app/constants.ts
+++ b/apps/web/app/constants.ts
@@ -317,6 +317,8 @@ export const SLACK_CLIENT_SECRET = process.env.SLACK_CLIENT_SECRET;
 export const TWITTER_CLIENT_ID = process.env.TWITTER_CLIENT_ID;
 export const TWITTER_CLIENT_SECRET = process.env.TWITTER_CLIENT_SECRET;
 
+export const IS_DESKTOP_APP = process.env.IS_DESKTOP_APP === 'true';
+
 // Add manual timer reason
 
 export const manualTimeReasons: ManualTimeReasons[] = [
diff --git a/apps/web/auth.ts b/apps/web/auth.ts
index 56e936665..36430b60a 100644
--- a/apps/web/auth.ts
+++ b/apps/web/auth.ts
@@ -2,9 +2,11 @@ import NextAuth from 'next-auth';
 import { filteredProviders } from '@app/utils/check-provider-env-vars';
 import { GauzyAdapter, jwtCallback, ProviderEnum, signInCallback } from '@app/services/server/requests/OAuth';
 import { NextRequest } from 'next/server';
+import { IS_DESKTOP_APP } from '@app/constants';
 
 export const { handlers, signIn, signOut, auth } = NextAuth((request) => ({
 	providers: filteredProviders,
+	trustHost: IS_DESKTOP_APP,
 	adapter: GauzyAdapter(request as NextRequest),
 	session: { strategy: 'jwt' },
 	callbacks: {