keystonejs · timleslie · Feb 24, 2021 · Feb 23, 2021 · Feb 23, 2021 · Feb 23, 2021
diff --git a/.changeset/fast-meals-ring.md b/.changeset/fast-meals-ring.md
@@ -0,0 +1,5 @@
+---
+'@keystone-next/auth': minor
+---
+
+Check x-forwarded-host before host for support reverse proxy defaults
diff --git a/packages-next/auth/src/index.ts b/packages-next/auth/src/index.ts
@@ -337,10 +337,11 @@ export function createAuth<GeneratedListTypes extends BaseGeneratedListTypes>({
           // Allow access to the adminMeta data from the /init path to correctly render that page
           // even if the user isn't logged in (which should always be the case if they're seeing /init)
           const headers = context.req?.headers;
+          const host = headers ? headers['x-forwarded-host'] || headers.host : null;
           const url = headers?.referer ? new URL(headers.referer) : undefined;
           const accessingInitPage =
             url?.pathname === '/init' &&
-            url?.host === headers?.host &&
+            url?.host === host &&
             (await context.sudo().lists[listKey].count({})) === 0;
           return (
             accessingInitPage ||