Open larbish opened 1 month ago
Have you heard back about this?
@larbish, you got any news about this issue?
No news about it so far... @thorwebdev could someone have a check at this please? I'd love to merge my PR in the module and use @supabase/ssr
package 🙏
We'll check this as soon as we can. Any external help in tracking down where the use comes from would help speed it up.
Looks like the code calls session.user
a couple of times. And it json stringifies the session as well, which would also trigger the warning.
I am seeing this constantly right now ever since updating to SSR 0.4.0 and following the documentation. Going back to SSR 0.3.0 this seems to git rid of the messages.
Bug report
Describe the bug
Maintainer of the nuxt/supabase module here.
We have a PR to migrate on the
@supabase/ssr
package and we're still experiencing this issue with the latest released version including your PR.I've removed all occurrences of getSession() in the module and I still have the warning.
Any help on this would be appreciate 🙏 I can't merge and release this PR until I get rid of this warning.
To Reproduce
Clone the nuxt/supabase repository, go on https://github.com/nuxt-modules/supabase/pull/357 PR and follow the development readme to run the playground.
Notice the
Using the user object as returned from supabase.auth.getSession() or from some supabase.auth.onAuthStateChange() events could be insecure
warning.Expected behavior
Do not display this warning.