fix: add a missed instance of allowInsecureRequests

nextauthjs · Nov 21, 2024 · 6b05943 · 6b05943
1 parent 1c9bcdd
commit 6b05943
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/packages/core/src/lib/actions/callback/oauth/callback.ts b/packages/core/src/lib/actions/callback/oauth/callback.ts
@@ -264,7 +264,11 @@ export async function handleOAuth(
         as,
         client,
         processedCodeResponse.access_token,
-        { [o.customFetch]: provider[customFetch] }
+        {
+          [o.customFetch]: provider[customFetch],
+          // TODO: move away from allowing insecure HTTP requests
+          [o.allowInsecureRequests]: true,
+        }
       )
       profile = await userinfoResponse.json()
     } else {