Error on Next.js 15 about synchronous usage of `headers()`

[incognitotgt]

Environment

  System:
    OS: macOS 15.1
    CPU: (8) arm64 Apple M2
    Memory: 92.91 MB / 24.00 GB
    Shell: 5.9 - /bin/zsh
  Binaries:
    Node: 22.10.0 - /opt/homebrew/bin/node
    Yarn: 1.22.19 - /opt/homebrew/bin/yarn
    npm: 10.9.0 - /opt/homebrew/bin/npm
    pnpm: 9.4.0 - /opt/homebrew/bin/pnpm
    bun: 1.1.12 - /usr/local/bin/bun
  Browsers:
    Chrome Canary: 132.0.6803.0
    Safari: 18.1
  npmPackages:
    next: 15.0.2-canary.9 => 15.0.2-canary.9 
    next-auth: 5.0.0-beta.18 => 5.0.0-beta.18 
    react: 19.0.0-rc-69d4b800-20241021 => 19.0.0-rc-69d4b800-20241021 

Reproduction URL

https://github.com/spaceness/stardust

Describe the issue

Next.js 15 introduced breaking changes to some dynamic APIs, such as headers(). That API must now be accessed asynchronously. Auth.js still accesses them synchronously, which throws multiple warnings when you go to run your app. For example, when you try to access the log in page in the aforementioned application, this is logged:

Error: Route "/auth/login" used `headers().get('x-forwarded-proto')`. `headers()` should be awaited before using its value. Learn more: https://nextjs.org/docs/messages/sync-dynamic-apis
    at createHeadersAccessError (webpack://stardust/node_modules/.pnpm/next@15.0.2-canary.9_babel-plugin-react-compiler@0.0.0-experimental-696af53-20240625_react-do_xjqegx5hikrboysqw4mgu6qmje/node_modules/next/dist/server/request/headers.js?f897:311:0)
    at logDedupedError (webpack://stardust/node_modules/.pnpm/next@15.0.2-canary.9_babel-plugin-react-compiler@0.0.0-experimental-696af53-20240625_react-do_xjqegx5hikrboysqw4mgu6qmje/node_modules/next/dist/server/create-deduped-by-callsite-server-error-logger.js?8f8b:74:0)
    at syncIODev (webpack://stardust/node_modules/.pnpm/next@15.0.2-canary.9_babel-plugin-react-compiler@0.0.0-experimental-696af53-20240625_react-do_xjqegx5hikrboysqw4mgu6qmje/node_modules/next/dist/server/request/headers.js?f897:305:0)
    at Promise.get (webpack://stardust/node_modules/.pnpm/next@15.0.2-canary.9_babel-plugin-react-compiler@0.0.0-experimental-696af53-20240625_react-do_xjqegx5hikrboysqw4mgu6qmje/node_modules/next/dist/server/request/headers.js?f897:230:0)
    at getSession (webpack://stardust/node_modules/.pnpm/next-auth@5.0.0-beta.18_next@15.0.2-canary.9_babel-plugin-react-compiler@0.0.0-experimental-6_gqluejmixuq2sejsxgkdkxzlwe/node_modules/next-auth/lib/index.js?85e5:8:0)
    at eval (webpack://stardust/node_modules/.pnpm/next-auth@5.0.0-beta.18_next@15.0.2-canary.9_babel-plugin-react-compiler@0.0.0-experimental-6_gqluejmixuq2sejsxgkdkxzlwe/node_modules/next-auth/lib/index.js?85e5:88:0)
    at auth (webpack://stardust/src/app/auth/login/page.tsx?f6f3:20:27)
   6 |     const url = createActionURL("session", 
   7 |     // @ts-expect-error `x-forwarded-proto` is not nullable, next.js sets it by default
>  8 |     headers.get("x-forwarded-proto"), headers, process.env, config.basePath);
   9 |     const request = new Request(url, {
  10 |         headers: { cookie: headers.get("cookie") ?? "" },
  11 |     });
Error: Route "/auth/login" used `headers().get('x-forwarded-host')`. `headers()` should be awaited before using its value. Learn more: https://nextjs.org/docs/messages/sync-dynamic-apis
    at createHeadersAccessError (webpack://stardust/node_modules/.pnpm/next@15.0.2-canary.9_babel-plugin-react-compiler@0.0.0-experimental-696af53-20240625_react-do_xjqegx5hikrboysqw4mgu6qmje/node_modules/next/dist/server/request/headers.js?f897:311:0)
    at logDedupedError (webpack://stardust/node_modules/.pnpm/next@15.0.2-canary.9_babel-plugin-react-compiler@0.0.0-experimental-696af53-20240625_react-do_xjqegx5hikrboysqw4mgu6qmje/node_modules/next/dist/server/create-deduped-by-callsite-server-error-logger.js?8f8b:74:0)
    at syncIODev (webpack://stardust/node_modules/.pnpm/next@15.0.2-canary.9_babel-plugin-react-compiler@0.0.0-experimental-696af53-20240625_react-do_xjqegx5hikrboysqw4mgu6qmje/node_modules/next/dist/server/request/headers.js?f897:305:0)
    at Promise.get (webpack://stardust/node_modules/.pnpm/next@15.0.2-canary.9_babel-plugin-react-compiler@0.0.0-experimental-696af53-20240625_react-do_xjqegx5hikrboysqw4mgu6qmje/node_modules/next/dist/server/request/headers.js?f897:230:0)
    at createActionURL (webpack://stardust/node_modules/.pnpm/@auth+core@0.31.0/node_modules/@auth/core/lib/utils/env.js?207c:60:0)
    at getSession (webpack://stardust/node_modules/.pnpm/next-auth@5.0.0-beta.18_next@15.0.2-canary.9_babel-plugin-react-compiler@0.0.0-experimental-6_gqluejmixuq2sejsxgkdkxzlwe/node_modules/next-auth/lib/index.js?85e5:6:31)
    at eval (webpack://stardust/node_modules/.pnpm/next-auth@5.0.0-beta.18_next@15.0.2-canary.9_babel-plugin-react-compiler@0.0.0-experimental-6_gqluejmixuq2sejsxgkdkxzlwe/node_modules/next-auth/lib/index.js?85e5:88:0)
    at auth (webpack://stardust/src/app/auth/login/page.tsx?f6f3:20:27)
  58 |     }
  59 |     else {
> 60 |         const detectedHost = headers.get("x-forwarded-host") ?? headers.get("host");
  61 |         const detectedProtocol = headers.get("x-forwarded-proto") ?? protocol ?? "https";
  62 |         const _protocol = detectedProtocol.endsWith(":")
  63 |             ? detectedProtocol
Error: Route "/auth/login" used `headers().get('x-forwarded-proto')`. `headers()` should be awaited before using its value. Learn more: https://nextjs.org/docs/messages/sync-dynamic-apis
    at createHeadersAccessError (webpack://stardust/node_modules/.pnpm/next@15.0.2-canary.9_babel-plugin-react-compiler@0.0.0-experimental-696af53-20240625_react-do_xjqegx5hikrboysqw4mgu6qmje/node_modules/next/dist/server/request/headers.js?f897:311:0)
    at logDedupedError (webpack://stardust/node_modules/.pnpm/next@15.0.2-canary.9_babel-plugin-react-compiler@0.0.0-experimental-696af53-20240625_react-do_xjqegx5hikrboysqw4mgu6qmje/node_modules/next/dist/server/create-deduped-by-callsite-server-error-logger.js?8f8b:74:0)
    at syncIODev (webpack://stardust/node_modules/.pnpm/next@15.0.2-canary.9_babel-plugin-react-compiler@0.0.0-experimental-696af53-20240625_react-do_xjqegx5hikrboysqw4mgu6qmje/node_modules/next/dist/server/request/headers.js?f897:305:0)
    at Promise.get (webpack://stardust/node_modules/.pnpm/next@15.0.2-canary.9_babel-plugin-react-compiler@0.0.0-experimental-696af53-20240625_react-do_xjqegx5hikrboysqw4mgu6qmje/node_modules/next/dist/server/request/headers.js?f897:230:0)
    at createActionURL (webpack://stardust/node_modules/.pnpm/@auth+core@0.31.0/node_modules/@auth/core/lib/utils/env.js?207c:61:0)
    at getSession (webpack://stardust/node_modules/.pnpm/next-auth@5.0.0-beta.18_next@15.0.2-canary.9_babel-plugin-react-compiler@0.0.0-experimental-6_gqluejmixuq2sejsxgkdkxzlwe/node_modules/next-auth/lib/index.js?85e5:6:31)
    at eval (webpack://stardust/node_modules/.pnpm/next-auth@5.0.0-beta.18_next@15.0.2-canary.9_babel-plugin-react-compiler@0.0.0-experimental-6_gqluejmixuq2sejsxgkdkxzlwe/node_modules/next-auth/lib/index.js?85e5:88:0)
    at auth (webpack://stardust/src/app/auth/login/page.tsx?f6f3:20:27)
  59 |     else {
  60 |         const detectedHost = headers.get("x-forwarded-host") ?? headers.get("host");
> 61 |         const detectedProtocol = headers.get("x-forwarded-proto") ?? protocol ?? "https";
  62 |         const _protocol = detectedProtocol.endsWith(":")
  63 |             ? detectedProtocol
  64 |             : detectedProtocol + ":";
Error: Route "/auth/login" used `headers().get('cookie')`. `headers()` should be awaited before using its value. Learn more: https://nextjs.org/docs/messages/sync-dynamic-apis
    at createHeadersAccessError (webpack://stardust/node_modules/.pnpm/next@15.0.2-canary.9_babel-plugin-react-compiler@0.0.0-experimental-696af53-20240625_react-do_xjqegx5hikrboysqw4mgu6qmje/node_modules/next/dist/server/request/headers.js?f897:311:0)
    at logDedupedError (webpack://stardust/node_modules/.pnpm/next@15.0.2-canary.9_babel-plugin-react-compiler@0.0.0-experimental-696af53-20240625_react-do_xjqegx5hikrboysqw4mgu6qmje/node_modules/next/dist/server/create-deduped-by-callsite-server-error-logger.js?8f8b:74:0)
    at syncIODev (webpack://stardust/node_modules/.pnpm/next@15.0.2-canary.9_babel-plugin-react-compiler@0.0.0-experimental-696af53-20240625_react-do_xjqegx5hikrboysqw4mgu6qmje/node_modules/next/dist/server/request/headers.js?f897:305:0)
    at Promise.get (webpack://stardust/node_modules/.pnpm/next@15.0.2-canary.9_babel-plugin-react-compiler@0.0.0-experimental-696af53-20240625_react-do_xjqegx5hikrboysqw4mgu6qmje/node_modules/next/dist/server/request/headers.js?f897:230:0)
    at getSession (webpack://stardust/node_modules/.pnpm/next-auth@5.0.0-beta.18_next@15.0.2-canary.9_babel-plugin-react-compiler@0.0.0-experimental-6_gqluejmixuq2sejsxgkdkxzlwe/node_modules/next-auth/lib/index.js?85e5:10:19)
    at eval (webpack://stardust/node_modules/.pnpm/next-auth@5.0.0-beta.18_next@15.0.2-canary.9_babel-plugin-react-compiler@0.0.0-experimental-6_gqluejmixuq2sejsxgkdkxzlwe/node_modules/next-auth/lib/index.js?85e5:88:0)
    at auth (webpack://stardust/src/app/auth/login/page.tsx?f6f3:20:27)
   8 |     headers.get("x-forwarded-proto"), headers, process.env, config.basePath);
   9 |     const request = new Request(url, {
> 10 |         headers: { cookie: headers.get("cookie") ?? "" },
     |                   ^
  11 |     });
  12 |     return Auth(request, {
  13 |         ...config,

How to reproduce

Setup Auth.js in a Next.js 15 application and use a function such as auth()

Expected behavior

These headers should be accessed with await to reflect the changes, and no errors should be logged in the console.

[sinorrman]

For me this was resolved when updating to: next-auth@5.0.0-beta.25

[balazsorban44]

see #12136 (comment)

please upgrade

[ajmalshahabudeen]

For me this was resolved when updating to: next-auth@5.0.0-beta.25

Thanks, it worked

[hassaanistic]

For me this was resolved when updating to: next-auth@5.0.0-beta.25

Thanks man.

[SarfrazAlame]

same error i'm getting

[DieHardd]

same error i'm getting

go to package,json change "next-auth": "5.0.0-beta.23" to "next-auth": "5.0.0-beta.25" then > npm i

[Billmike]

@balazsorban44 I have this same issue, but I am also utilizing getServerSession in my codebase. When I install the 5.0.0-beta.25, I get the error saying Module '"next-auth"' has no exported member 'getServerSession'.. I took a look at the exported modules in the current beta version and getServerSession is not included. Is there a replacement for this module in the beta version?

[balazsorban44]

yes https://authjs.dev/getting-started/migrating-to-v5#authenticating-server-side

[tomitrescak]

I'm stil seeing this with beta.25:

auth.ts:326  Server   Error: Route "/course/[name]/[section]" used `headers().get('x-forwarded-proto')`. `headers()` should be awaited before using its value. Learn more: https://nextjs.org/docs/messages/sync-dynamic-apis
    at getServerAuthSession (auth.ts:326:16)
    at Page (page.tsx:40:45)
    at resolveErrorDev (react-server-dom-webpack-client.browser.development.js:1792:1)
    at getOutlinedModel (react-server-dom-webpack-client.browser.development.js:1283:1)
    at parseModelString (react-server-dom-webpack-client.browser.development.js:1423:1)
    at Array.eval (react-server-dom-webpack-client.browser.development.js:2119:1)
    at JSON.parse (<anonymous>)
    at resolveConsoleEntry (react-server-dom-webpack-client.browser.development.js:1955:1)
    at processFullStringRow (react-server-dom-webpack-client.browser.development.js:2095:1)
    at processFullBinaryRow (react-server-dom-webpack-client.browser.development.js:2059:1)
    at progress (react-server-dom-webpack-client.browser.development.js:2262:1)
overrideMethod @ hook.js:608
getServerAuthSession @ auth.ts:326
Page @ 

page.tsx:40 Server   Error: Route "/course/[name]/[section]" used `headers().get('cookie')`. `headers()` should be awaited before using its value. Learn more: https://nextjs.org/docs/messages/sync-dynamic-apis
    at getServerAuthSession (auth.ts:326:16)
    at Page (page.tsx:40:45)
    at resolveErrorDev (react-server-dom-webpack-client.browser.development.js:1792:1)
    at getOutlinedModel (react-server-dom-webpack-client.browser.development.js:1283:1)
    at parseModelString (react-server-dom-webpack-client.browser.development.js:1423:1)
    at Array.eval (react-server-dom-webpack-client.browser.development.js:2119:1)
    at JSON.parse (<anonymous>)

Any idea where this is blowing up ? This is the code where it blows up:

export const { auth, handlers, signIn, signOut } = NextAuth({
...
});

export const getServerAuthSession = async (): Promise<Session> => {
  return await auth(); // <- HERE
};

[Arvin7]

Upgrading to version 5.0.0-beta.25 breaks Reddit login.

[auth][error] TypeError: Invalid URL
    at new URL (node:internal/url:816:29)
    at getAuthorizationUrl (webpack-internal:///(rsc)/./node_modules/.pnpm/@auth+core@0.37.2/node_modules/@auth/core/lib/actions/signin/authorization-url.js:24:24)
    at Module.signIn (webpack-internal:///(rsc)/./node_modules/.pnpm/@auth+core@0.37.2/node_modules/@auth/core/lib/actions/signin/index.js:16:136)
    at AuthInternal (webpack-internal:///(rsc)/./node_modules/.pnpm/@auth+core@0.37.2/node_modules/@auth/core/lib/index.js:76:77)
    at async Auth (webpack-internal:///(rsc)/./node_modules/.pnpm/@auth+core@0.37.2/node_modules/@auth/core/index.js:130:34)

[YoSoyPhil]

I am using 5.0.0-beta.25 and I am also asked to await headers()

Error: Route "/platform/performance" used `headers().get('cookie')`. `headers()` should be awaited before using its value. Learn more: https://nextjs.org/docs/messages/sync-dynamic-apis
    at auth (src/app/platform/performance/page.js:15:28)
  13 |
  14 | export default async function BudgetPage() {
> 15 |   const session = await auth()

[rafael-marques]

For me this was resolved when updating to: next-auth@5.0.0-beta.25

Worked for me too.

Is it safe to use next-auth in beta version for prod ?