Fix a security issue: https://github.com/supabase/supabase/pull/22381 #65

scosman · 2024-05-09T14:24:45Z

Details:

CMSaaSStarted followed the offical SvelteKit Supabase docs here: https://supabase.com/docs/guides/getting-started/tutorials/with-sveltekit
Unforunately the server side helper getSession was not validating the JWT token, which was caught and fixed in the docs here: fix: better handling of getSession for sveltekit supabase/supabase#22381
There were a few improvements/cleanups since the fix, which we integrated as well, see change history here: https://github.com/supabase/supabase/commits/master/apps/docs/content/guides/getting-started/tutorials/with-sveltekit.mdx

Details: - CMSaaSStarted followed the offical SvelteKit Supabase docs here: https://supabase.com/docs/guides/getting-started/tutorials/with-sveltekit - Unforunately the server side helper getSession was not validtion the JWT token, which was caught and fixed in the docs here: supabase/supabase#22381 - There were a few improvements/cleanups since the fix, which we integrated as well, see change history here: https://github.com/supabase/supabase/commits/master/apps/docs/content/guides/getting-started/tutorials/with-sveltekit.mdx We're now back up to date with the supabase suggested format here: https://supabase.com/docs/guides/getting-started/tutorials/with-sveltekit

scosman · 2024-05-09T14:25:57Z

Thanks to @activenode for spotting this here: #64

Since it's a security issue I wanted to get this out ASAP so wrote up the PR instead of waiting.

activenode · 2024-05-09T15:08:13Z

Awesome! 🥳

scosman merged commit 7904d41 into main May 9, 2024
11 checks passed

scosman deleted the safe_get_session branch May 9, 2024 14:29

kizivat mentioned this pull request May 9, 2024

migrate to new supabase ssr auth package #63

Open

Provide feedback