-
-
Notifications
You must be signed in to change notification settings - Fork 233
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Headers provided to Supabase client are not used in requests #166
Comments
Hello, The data has been sending to the correct method |
@brattonross I'm looking at writing a PR to add in header handling for the clients, so we can pass in custom headers. I'm unclear about the example you give - passing auth headers to the storage client. I note that the storage client is initialised here:
Which pulls the headers from (#218 added custom headers to the auth client - my PR will add them to the other clients as well) |
Hey @dabarrell, I was mainly interested in being able to pass my user's access token through to the server-side so that I could fetch data that was behind row-level security. It has been a little while since I raised the issue, but I believe at the time I was writing a Next.js application and using Supabase as my backend. In particular I was working on a feature to allow users to create a "profile", where they could enter some basic information and upload an avatar (hence the use of the storage client). I decided to use a server-side API call to fetch the user's avatar, because this would allow me to simplify the markup and just render an From memory, the issue was that It looks like this code may have changed since, and this comment seems to suggest that there is a way to achieve authenticated server-side requests, but I guess initializing the Supabase client with custom headers still does not work as expected in the issue description. I hope this was useful for you, thanks |
Bug report
Describe the bug
Headers passed to the supabase client upon creation are not sent as part of requests made by the client.
To Reproduce
Note: This reproduction example assumes that you are querying a storage bucket that has policies applied so that only authenticated users may read from the bucket, and that the request is being made outside of a browser environment e.g. from a Next.js API route.
Authorization
header that was provided on creationExpected behavior
Supabase client uses the headers provided in the call to
createClient
when making requests.In the example above this would set the
Authorization
header on the request to the Storage API, allowing the server to make a request to the restricted content on behalf of the user.Screenshots
N/A
System information
Additional context
This issue was created off the back of this comment, and is discussed further in that thread.
The text was updated successfully, but these errors were encountered: