chore(adapter-nextjs): add warning re: using http in production (#14134)

aws-amplify · Jan 13, 2025 · 89ec3fd · 89ec3fd
1 parent 3f2f826
commit 89ec3fd
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 0 deletions.
diff --git a/..._tests__/auth/utils/isValidOrigin.test.ts → ...extjs/__tests__/auth/utils/origin.test.ts b/..._tests__/auth/utils/isValidOrigin.test.ts → ...extjs/__tests__/auth/utils/origin.test.ts
diff --git a/packages/adapter-nextjs/src/auth/utils/origin.ts b/packages/adapter-nextjs/src/auth/utils/origin.ts
@@ -9,6 +9,12 @@ export const isValidOrigin = (origin: string): boolean => {
 	try {
 		const url = new URL(origin);
 
+		if (url.protocol === 'http:' && url.hostname !== 'localhost') {
+			console.warn(
+				'HTTP origin detected. This is insecure and should only be used for local development.',
+			);
+		}
+
 		return (
 			(url.protocol === 'http:' || url.protocol === 'https:') &&
 			originRegex.test(origin)