Comments (3)
Hi @ThomasBurgess2000, the point of this is to make sure server components that are called downstream have the updated cookies. Otherwise they may see a stale JWT and attempt to refresh it themselves, but since the JWT has already been refreshed by the middleware, Supabase Auth will interpret this as a potentially malicious actor trying to reuse a refresh token and log the user out.
You can see that the updated request, with the new cookie header, is passed to `NextResponse.next`:

```ts
response = NextResponse.next({
  request: {
    headers: request.headers,
  },
})
```
from supabase.
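The failure mode described in the comment above, as an added example that is not part of the original thread or Supabase's code. `ToyAuthServer`, `getUser` and `handleRequest` are hypothetical names, and the model assumes an auth server that revokes the session on any reuse of a spent refresh token.

```javascript
// Constructed model: refresh tokens are single-use and rotated on every refresh.
class ToyAuthServer {
  constructor() {
    this.n = 0;
    this.revoked = false;
    this.current = this.issue(); // token pair stored in the browser cookie
  }
  issue() {
    this.n += 1;
    return { jwt: `jwt-${this.n}`, refresh: `rt-${this.n}`, expired: false };
  }
  refresh(refreshToken) {
    if (this.revoked) return null;
    if (refreshToken !== this.current.refresh) {
      this.revoked = true; // spent token presented again: treat as theft
      return null;
    }
    this.current = this.issue();
    return this.current;
  }
}

// Stand-in for a server-side auth client: read the cookie, refresh an expired JWT.
function getUser(auth, cookies) {
  const session = cookies.get();
  if (!session) return null;
  if (!session.expired) return session.jwt;
  const fresh = auth.refresh(session.refresh);
  if (!fresh) return null; // refresh rejected: user is logged out
  cookies.set(fresh);
  return fresh.jwt;
}

// One request passing through middleware and then a server component.
function handleRequest(forwardUpdatedCookies) {
  const auth = new ToyAuthServer();
  let requestCookie = { ...auth.current, expired: true }; // JWT has expired
  let responseCookie = null; // what would be sent back as Set-Cookie
  const middlewareUser = getUser(auth, {
    get: () => requestCookie,
    set: (s) => {
      responseCookie = s;
      if (forwardUpdatedCookies) requestCookie = s; // request.cookies.set(...)
    },
  });
  // Downstream server component in the same request; it cannot write cookies.
  const componentUser = getUser(auth, { get: () => requestCookie, set: () => {} });
  return { middlewareUser, componentUser, responseCookie, revoked: auth.revoked };
}
```

`handleRequest(true)` lets the downstream read see the rotated tokens, while `handleRequest(false)` makes it replay the spent refresh token and the model revokes the session.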
Interesting, what you're saying makes sense, but we actually had the opposite experience.
We copied the docs, and had an issue where the user would be logged out every hour (when the JWT expired, and a refresh was attempted).
Removing

```ts
request.cookies.set({
  name,
  value,
  ...options,
})
response = NextResponse.next({
  request: {
    headers: request.headers,
  },
})
```

leaving just

```ts
let response = NextResponse.next({
  request: {
    headers: request.headers,
  },
});
const supabase = createServerClient<Database>(
  process.env.NEXT_PUBLIC_SUPABASE_URL!,
  process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!,
  {
    cookies: {
      get(name: string) {
        return request.cookies.get(name)?.value;
      },
      set(name: string, value: string, options: CookieOptions) {
        response.cookies.set(name, value, options);
      },
      remove(name: string, options: CookieOptions) {
        response.cookies.set(name, "", options);
      },
    },
  },
);
```

fixed this for us.
But now I'm not sure why that worked.
from supabase.
Seems this issue might be related to supabase/ssr#36
from supabase.