Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: check for access token in header #882

Merged
merged 1 commit into from
Apr 20, 2024
Merged

fix: check for access token in header #882

merged 1 commit into from
Apr 20, 2024

Conversation

kangmingtay
Copy link
Member

@kangmingtay kangmingtay commented Apr 20, 2024
edited
Loading

What kind of change does this PR introduce?

@kangmingtay kangmingtay merged commit ae4a53d into master Apr 20, 2024
6 checks passed
@kangmingtay kangmingtay deleted the km/fix-get-user branch April 20, 2024 06:00
@github-actions github-actions bot mentioned this pull request Apr 20, 2024
Merged
j4w8n
j4w8n reviewed Apr 20, 2024
View reviewed changes
Copy link
Contributor

@j4w8n j4w8n left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

One thing to keep in mind is that the Authorization header will always exist since the anon key is there by default, right? So hasAccessToken will always be true; which makes this whole section of code useless, and you might as well go back to no checks.

One thing you could do when the client is created is check if the dev passed in an Authorization header. If so, set something like this.hasCustomAuthHeader = true - which would be intialized as false during client creation.

Then you could check for that on the right side of || in this getUser code.

hf added a commit that referenced this pull request Apr 20, 2024
@hf
Revert "fix: check for access token in header (#882)"
94e1c45 
This reverts commit ae4a53d.
@hf hf mentioned this pull request Apr 20, 2024
Merged
hf added a commit that referenced this pull request Apr 20, 2024
@hf
fix: revert check for access token in header (#882)
ce453ac 
This reverts commit ae4a53d.
@hf
Copy link
Contributor

hf commented Apr 20, 2024

@j4w8n Thanks for catching this! You're a ⭐

kangmingtay pushed a commit that referenced this pull request Apr 25, 2024
@hf
fix: revert check for access token in header (#885)
03d8ba7 
Reverts #882 due to

> One thing to keep in mind is that the Authorization header will always
exist since the anon key is there by default, right? So hasAccessToken
will always be true; which makes this whole section of code useless, and
you might as well go back to no checks.
>
> One thing you could do when the client is created is check if the dev
passed in an Authorization header. If so, set something like
this.hasCustomAuthHeader = true - which would be intialized as false
during client creation.
> 
> Then you could check for that on the right side of || in this getUser
code.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@j4w8n j4w8n j4w8n left review comments

@soedirgo soedirgo soedirgo approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

supabase-js@2.42.5 breaks client auth with edge functions
4 participants
@kangmingtay @hf @j4w8n @soedirgo