Supabase
Block Domains from getting access to my Database #13768
Replies: 4 comments 1 reply
-
|
It would be ideal if we could set the value for cors |
Beta Was this translation helpful? Give feedback.
-
Typically, for local development, you'd have multiple environments (e.g. dev, staging, prod), and prod would be limited while the others wouldn't. Another option would be something like a reserved ngrok domain or perhaps something like Cloudflare Tunnel. (I agree that having CORS config via the dashboard would be great functionality) |
Beta Was this translation helpful? Give feedback.
-
|
Linking PostgREST/postgrest#2441 |
Beta Was this translation helpful? Give feedback.
-
Beta Was this translation helpful? Give feedback.
-
|
Transferring this back to supabase/supabase as this is a platform issue, not a client lib issue. |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
Feature request
Is your feature request related to a problem? Please describe.
Yes. Anyone can go into my code, copy the Database Key and display all my public data on his website. I cant easily stop that because i have much public data, that is not posted from users and is mostly accessed by not registered users so i cant activate RLS and only let it access by Users.
Describe the solution you'd like
A simple textbox where i can write all my domains, that are allowed to get access to my database and all other domains that are trying to get access are simply blocked.
Describe alternatives you've considered
A very time consuming and bad Solution, but for now it works is to create for every Table a Police and activate RLS.
In the police you need to write the following Code. After that only this one Domain has access to the Tables Data.
(((current_setting('request.headers'::text, true))::json ->> 'referer'::text) = 'https://yourdomain.com/'::text)Beta Was this translation helpful? Give feedback.
All reactions