nuxt-modules / supabase

Supabase module for Nuxt.
https://supabase.nuxtjs.org
MIT License
705 stars, 129 forks

Supabase Auth Warning #391

Closed. ifzm closed this 3 months ago

ifzm commented 3 months ago

Version

@nuxtjs/supabase: 1.3.5
nuxt: 3.12.3

Reproduction Link

Steps to reproduce

// Nuxt auto-imports: useSupabaseUser (from @nuxtjs/supabase), watchEffect (vue), navigateTo (nuxt)
const user = useSupabaseUser()
watchEffect(() => {
    // redirect as soon as a user object is present in the session
    if (user.value) {
        navigateTo('/')
    }
})

What is Expected?

No warning.

What is actually happening?

 WARN  Using the user object as returned from supabase.auth.getSession() or from some
 supabase.auth.onAuthStateChange() events could be insecure! This value comes directly from the storage
 medium (usually cookies on the server) and many not be authentic. Use supabase.auth.getUser() instead
 which authenticates the data by contacting the Supabase Auth server.

larbish commented 3 months ago

This warning is related to the supabase/ssr lib. Can you please upvote this issue to encourage the Supabase maintainers to address it?

ifzm commented 3 months ago

OK, I'll do it.

brentreilly commented 3 months ago

I upvoted it as well. In the meantime, do you have any recommendations? Doesn't seem to be negatively impacting my app.

larbish commented 3 months ago

It's not impacting your app. Let's wait for the fix from the Supabase team.

oripka commented 2 months ago

Just updated from 1.2.2 to 1.4.0 and getting this issue now, before it was fine with the same code

Eckhardt-D commented 2 months ago

Just leaving my hack here for anyone who cannot deal with the log messages lol. It probably only works for package managers that can do patching and I'll use pnpm as an example:

pnpm patch @supabase/auth-js

Remember/store the output to run to commit your patch when done with the following

Now cd to the /tmp/xxx path and edit the following files:

What to edit?

I did a find for console.warn and on lines 822 and 817 respectively I just added a // in front of the line logging Using the user object ....

When done, cd back to the project and run

pnpm patch-commit `/tmp/xxxx`

Unfortunately this silences the log for real insecure usage too, so that's a trade-off you'll have to make for cleaner dev logs.