From 35d31a984ddff0fee2bd9af91eceeade6aff3669 Mon Sep 17 00:00:00 2001
From: Flea Flicker <flea@groombook.dev>
Date: Sat, 23 May 2026 13:57:47 +0000
Subject: [PATCH] fix(GRO-1592): fallback auth baseURL to
 window.location.origin
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

When VITE_API_URL is not set (e.g. in Docker/container deployments
where the env var was never injected), fallback to
window.location.origin so the auth client uses relative URLs and
cookies are sent to the correct origin.

Previously the fallback was empty string "", which caused the auth
client to default to http://localhost:3000 — the nginx sub_filter
workaround only handles strings baked into the JS bundle at build
time, not runtime-constructed URLs.

Fixes: SSO session cookie not set in browser after Authentik callback

Co-Authored-By: Paperclip <noreply@paperclip.ing>
---
 src/lib/auth-client.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/lib/auth-client.ts b/src/lib/auth-client.ts
index 6a9939a..02b7608 100644
--- a/src/lib/auth-client.ts
+++ b/src/lib/auth-client.ts
@@ -1,7 +1,7 @@
 import { createAuthClient } from "better-auth/react";
 
 export const authClient = createAuthClient({
-  baseURL: import.meta.env.VITE_API_URL ?? "",
+  baseURL: import.meta.env.VITE_API_URL || (typeof window !== "undefined" ? window.location.origin : ""),
 });
 
 export const { signIn, signOut, useSession, changePassword } = authClient;
\ No newline at end of file