Error on Next.js 15 about synchronous usage of headers()

[IncognitoTGT]

Environment

  System:
    OS: macOS 15.1
    CPU: (8) arm64 Apple M2
    Memory: 92.91 MB / 24.00 GB
    Shell: 5.9 - /bin/zsh
  Binaries:
    Node: 22.10.0 - /opt/homebrew/bin/node
    Yarn: 1.22.19 - /opt/homebrew/bin/yarn
    npm: 10.9.0 - /opt/homebrew/bin/npm
    pnpm: 9.4.0 - /opt/homebrew/bin/pnpm
    bun: 1.1.12 - /usr/local/bin/bun
  Browsers:
    Chrome Canary: 132.0.6803.0
    Safari: 18.1
  npmPackages:
    next: 15.0.2-canary.9 => 15.0.2-canary.9 
    next-auth: 5.0.0-beta.18 => 5.0.0-beta.18 
    react: 19.0.0-rc-69d4b800-20241021 => 19.0.0-rc-69d4b800-20241021 

Reproduction URL

https://github.com/spaceness/stardust

Describe the issue

Next.js 15 introduced breaking changes to some dynamic APIs, such as headers(). That API must now be accessed asynchronously. Auth.js still accesses them synchronously, which throws multiple warnings when you go to run your app. For example, when you try to access the log in page in the aforementioned application, this is logged:

Error: Route "/auth/login" used `headers().get('x-forwarded-proto')`. `headers()` should be awaited before using its value. Learn more: https://nextjs.org/docs/messages/sync-dynamic-apis
    at createHeadersAccessError (webpack://stardust/node_modules/.pnpm/[email protected][email protected]_react-do_xjqegx5hikrboysqw4mgu6qmje/node_modules/next/dist/server/request/headers.js?f897:311:0)
    at logDedupedError (webpack://stardust/node_modules/.pnpm/[email protected][email protected]_react-do_xjqegx5hikrboysqw4mgu6qmje/node_modules/next/dist/server/create-deduped-by-callsite-server-error-logger.js?8f8b:74:0)
    at syncIODev (webpack://stardust/node_modules/.pnpm/[email protected][email protected]_react-do_xjqegx5hikrboysqw4mgu6qmje/node_modules/next/dist/server/request/headers.js?f897:305:0)
    at Promise.get (webpack://stardust/node_modules/.pnpm/[email protected][email protected]_react-do_xjqegx5hikrboysqw4mgu6qmje/node_modules/next/dist/server/request/headers.js?f897:230:0)
    at getSession (webpack://stardust/node_modules/.pnpm/[email protected][email protected][email protected]_gqluejmixuq2sejsxgkdkxzlwe/node_modules/next-auth/lib/index.js?85e5:8:0)
    at eval (webpack://stardust/node_modules/.pnpm/[email protected][email protected][email protected]_gqluejmixuq2sejsxgkdkxzlwe/node_modules/next-auth/lib/index.js?85e5:88:0)
    at auth (webpack://stardust/src/app/auth/login/page.tsx?f6f3:20:27)
   6 |     const url = createActionURL("session", 
   7 |     // @ts-expect-error `x-forwarded-proto` is not nullable, next.js sets it by default
>  8 |     headers.get("x-forwarded-proto"), headers, process.env, config.basePath);
   9 |     const request = new Request(url, {
  10 |         headers: { cookie: headers.get("cookie") ?? "" },
  11 |     });
Error: Route "/auth/login" used `headers().get('x-forwarded-host')`. `headers()` should be awaited before using its value. Learn more: https://nextjs.org/docs/messages/sync-dynamic-apis
    at createHeadersAccessError (webpack://stardust/node_modules/.pnpm/[email protected][email protected]_react-do_xjqegx5hikrboysqw4mgu6qmje/node_modules/next/dist/server/request/headers.js?f897:311:0)
    at logDedupedError (webpack://stardust/node_modules/.pnpm/[email protected][email protected]_react-do_xjqegx5hikrboysqw4mgu6qmje/node_modules/next/dist/server/create-deduped-by-callsite-server-error-logger.js?8f8b:74:0)
    at syncIODev (webpack://stardust/node_modules/.pnpm/[email protected][email protected]_react-do_xjqegx5hikrboysqw4mgu6qmje/node_modules/next/dist/server/request/headers.js?f897:305:0)
    at Promise.get (webpack://stardust/node_modules/.pnpm/[email protected][email protected]_react-do_xjqegx5hikrboysqw4mgu6qmje/node_modules/next/dist/server/request/headers.js?f897:230:0)
    at createActionURL (webpack://stardust/node_modules/.pnpm/@[email protected]/node_modules/@auth/core/lib/utils/env.js?207c:60:0)
    at getSession (webpack://stardust/node_modules/.pnpm/[email protected][email protected][email protected]_gqluejmixuq2sejsxgkdkxzlwe/node_modules/next-auth/lib/index.js?85e5:6:31)
    at eval (webpack://stardust/node_modules/.pnpm/[email protected][email protected][email protected]_gqluejmixuq2sejsxgkdkxzlwe/node_modules/next-auth/lib/index.js?85e5:88:0)
    at auth (webpack://stardust/src/app/auth/login/page.tsx?f6f3:20:27)
  58 |     }
  59 |     else {
> 60 |         const detectedHost = headers.get("x-forwarded-host") ?? headers.get("host");
  61 |         const detectedProtocol = headers.get("x-forwarded-proto") ?? protocol ?? "https";
  62 |         const _protocol = detectedProtocol.endsWith(":")
  63 |             ? detectedProtocol
Error: Route "/auth/login" used `headers().get('x-forwarded-proto')`. `headers()` should be awaited before using its value. Learn more: https://nextjs.org/docs/messages/sync-dynamic-apis
    at createHeadersAccessError (webpack://stardust/node_modules/.pnpm/[email protected][email protected]_react-do_xjqegx5hikrboysqw4mgu6qmje/node_modules/next/dist/server/request/headers.js?f897:311:0)
    at logDedupedError (webpack://stardust/node_modules/.pnpm/[email protected][email protected]_react-do_xjqegx5hikrboysqw4mgu6qmje/node_modules/next/dist/server/create-deduped-by-callsite-server-error-logger.js?8f8b:74:0)
    at syncIODev (webpack://stardust/node_modules/.pnpm/[email protected][email protected]_react-do_xjqegx5hikrboysqw4mgu6qmje/node_modules/next/dist/server/request/headers.js?f897:305:0)
    at Promise.get (webpack://stardust/node_modules/.pnpm/[email protected][email protected]_react-do_xjqegx5hikrboysqw4mgu6qmje/node_modules/next/dist/server/request/headers.js?f897:230:0)
    at createActionURL (webpack://stardust/node_modules/.pnpm/@[email protected]/node_modules/@auth/core/lib/utils/env.js?207c:61:0)
    at getSession (webpack://stardust/node_modules/.pnpm/[email protected][email protected][email protected]_gqluejmixuq2sejsxgkdkxzlwe/node_modules/next-auth/lib/index.js?85e5:6:31)
    at eval (webpack://stardust/node_modules/.pnpm/[email protected][email protected][email protected]_gqluejmixuq2sejsxgkdkxzlwe/node_modules/next-auth/lib/index.js?85e5:88:0)
    at auth (webpack://stardust/src/app/auth/login/page.tsx?f6f3:20:27)
  59 |     else {
  60 |         const detectedHost = headers.get("x-forwarded-host") ?? headers.get("host");
> 61 |         const detectedProtocol = headers.get("x-forwarded-proto") ?? protocol ?? "https";
  62 |         const _protocol = detectedProtocol.endsWith(":")
  63 |             ? detectedProtocol
  64 |             : detectedProtocol + ":";
Error: Route "/auth/login" used `headers().get('cookie')`. `headers()` should be awaited before using its value. Learn more: https://nextjs.org/docs/messages/sync-dynamic-apis
    at createHeadersAccessError (webpack://stardust/node_modules/.pnpm/[email protected][email protected]_react-do_xjqegx5hikrboysqw4mgu6qmje/node_modules/next/dist/server/request/headers.js?f897:311:0)
    at logDedupedError (webpack://stardust/node_modules/.pnpm/[email protected][email protected]_react-do_xjqegx5hikrboysqw4mgu6qmje/node_modules/next/dist/server/create-deduped-by-callsite-server-error-logger.js?8f8b:74:0)
    at syncIODev (webpack://stardust/node_modules/.pnpm/[email protected][email protected]_react-do_xjqegx5hikrboysqw4mgu6qmje/node_modules/next/dist/server/request/headers.js?f897:305:0)
    at Promise.get (webpack://stardust/node_modules/.pnpm/[email protected][email protected]_react-do_xjqegx5hikrboysqw4mgu6qmje/node_modules/next/dist/server/request/headers.js?f897:230:0)
    at getSession (webpack://stardust/node_modules/.pnpm/[email protected][email protected][email protected]_gqluejmixuq2sejsxgkdkxzlwe/node_modules/next-auth/lib/index.js?85e5:10:19)
    at eval (webpack://stardust/node_modules/.pnpm/[email protected][email protected][email protected]_gqluejmixuq2sejsxgkdkxzlwe/node_modules/next-auth/lib/index.js?85e5:88:0)
    at auth (webpack://stardust/src/app/auth/login/page.tsx?f6f3:20:27)
   8 |     headers.get("x-forwarded-proto"), headers, process.env, config.basePath);
   9 |     const request = new Request(url, {
> 10 |         headers: { cookie: headers.get("cookie") ?? "" },
     |                   ^
  11 |     });
  12 |     return Auth(request, {
  13 |         ...config,

How to reproduce

Setup Auth.js in a Next.js 15 application and use a function such as auth()

Expected behavior

These headers should be accessed with await to reflect the changes, and no errors should be logged in the console.

[sinorrman]

For me this was resolved when updating to: [email protected].25

[balazsorban44]

see #12136 (comment)

please upgrade

[ajmalshahabudeen]

For me this was resolved when updating to: [email protected].25

Thanks, it worked

[hassaanistic]

For me this was resolved when updating to: [email protected].25

Thanks man.

[SarfrazAlame]

same error i'm getting

[DieHardd]

same error i'm getting

go to package,json change "next-auth": "5.0.0-beta.23" to "next-auth": "5.0.0-beta.25" then > npm i

[Billmike]

@balazsorban44 I have this same issue, but I am also utilizing getServerSession in my codebase. When I install the 5.0.0-beta.25, I get the error saying Module '"next-auth"' has no exported member 'getServerSession'.. I took a look at the exported modules in the current beta version and getServerSession is not included. Is there a replacement for this module in the beta version?

[balazsorban44]

yes https://authjs.dev/getting-started/migrating-to-v5#authenticating-server-side