fix: check for access token in header #882

Merged
merged 1 commit into from
Apr 20, 2024

@kangmingtay (Member) commented Apr 20, 2024

What kind of change does this PR introduce?

@kangmingtay kangmingtay merged commit ae4a53d into master Apr 20, 2024
6 checks passed
@kangmingtay kangmingtay deleted the km/fix-get-user branch April 20, 2024 06:00
@j4w8n (Contributor) left a comment

One thing to keep in mind is that the Authorization header will always exist since the anon key is there by default, right? So hasAccessToken will always be true, which makes this whole section of code useless, and you might as well go back to no checks.

One thing you could do when the client is created is check if the dev passed in an Authorization header. If so, set something like this.hasCustomAuthHeader = true - which would be initialized as false during client creation.

Then you could check for that on the right side of || in this getUser code.
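
The always-true check described in the comment above, next to the suggested flag, as an added sketch that is not part of the thread or the project's code. The class, the constructed key and token values, and what getUser returns when no token is present are assumptions.

```javascript
// Added sketch. Only hasAccessToken, hasCustomAuthHeader and getUser are names
// from the thread; everything else here is hypothetical.
const ANON_KEY = 'constructed-anon-key'; // constructed placeholder value

// Header names are case-insensitive, so compare on lowercased keys.
function normalizeHeaders(headers) {
  return Object.fromEntries(
    Object.entries(headers).map(([name, value]) => [name.toLowerCase(), value])
  );
}

class AuthClientSketch {
  constructor({ headers = {} } = {}) {
    const custom = normalizeHeaders(headers);
    // Record the developer's choice before the default is merged in.
    this.hasCustomAuthHeader = 'authorization' in custom;
    // The anon key is sent as the Authorization header by default.
    this.headers = { authorization: `Bearer ${ANON_KEY}`, ...custom };
    this.session = null; // assumed shape once set: { access_token }
  }

  // Presence check on the merged headers: the default makes it always true.
  naiveHasAccessToken() {
    return this.session !== null || 'authorization' in this.headers;
  }

  // Suggested check: only a session or a developer-supplied header counts.
  hasAccessToken() {
    return this.session !== null || this.hasCustomAuthHeader;
  }

  // Assumed gate: report a missing token instead of sending the anon key.
  getUser() {
    if (!this.hasAccessToken()) return { user: null, error: 'no access token' };
    return { user: { id: 'constructed-user' }, error: null };
  }
}

// Run both checks over three client states: defaults, custom header, session.
function compareChecks() {
  const anonOnly = new AuthClientSketch();
  const customHeader = new AuthClientSketch({ headers: { Authorization: 'Bearer constructed-user-jwt' } });
  const withSession = new AuthClientSketch();
  withSession.session = { access_token: 'constructed-session-jwt' };
  return Object.fromEntries(
    Object.entries({ anonOnly, customHeader, withSession }).map(([name, c]) => [
      name, { naive: c.naiveHasAccessToken(), suggested: c.hasAccessToken(), error: c.getUser().error },
    ])
  );
}
```
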

hf added a commit that referenced this pull request Apr 20, 2024
hf added a commit that referenced this pull request Apr 20, 2024
@hf (Contributor) commented Apr 20, 2024

@j4w8n Thanks for catching this! You're a ⭐

kangmingtay pushed a commit that referenced this pull request Apr 25, 2024
Reverts #882 due to

> One thing to keep in mind is that the Authorization header will always
exist since the anon key is there by default, right? So hasAccessToken
will always be true; which makes this whole section of code useless, and
you might as well go back to no checks.
>
> One thing you could do when the client is created is check if the dev
passed in an Authorization header. If so, set something like
this.hasCustomAuthHeader = true - which would be initialized as false
during client creation.
> 
> Then you could check for that on the right side of || in this getUser
code.
Development

Successfully merging this pull request may close these issues.

[email protected] breaks client auth with edge functions