Closed davbauer closed 1 week ago
I encountered same problem on cloudflare pages hosted sveltekit app.
Seems like it was introduced with this bump of auth-js https://github.com/supabase/supabase-js/releases/tag/v2.41.1 and reason being cache:no-store not supported by cloudflare workers https://github.com/supabase/auth-js/commit/034bee09c3f0a4613d9a3e7bd3bc5f70682f5a66
actuall this release introduced another problem https://github.com/supabase/auth-js/releases/tag/v2.63.0 Now you get warnings logged for
"Using supabase.auth.getSession() is potentially insecure as it loads data directly from the storage medium (typically cookies) which may not be authentic. Prefer using supabase.auth.getUser() instead. To suppress this warning call supabase.auth.getUser() before you call supabase.auth.getSession()."
Even if you are not using getSession() anywhere because SupabaseClient itself uses it
I see getAccessToken here is using getSession https://github.dev/supabase/supabase-js/blob/6cfed0c2f958b94b0c9ff064f9e120217b6ba4ec/src/SupabaseClient.ts#L244
and its used with fetchWithAuth here https://github.dev/supabase/supabase-js/blob/6cfed0c2f958b94b0c9ff064f9e120217b6ba4ec/src/lib/fetch.ts#L35
invoked on SupabaseClient's constructor here https://github.dev/supabase/supabase-js/blob/6cfed0c2f958b94b0c9ff064f9e120217b6ba4ec/src/SupabaseClient.ts#L103
Downgrading the version was a work around so I'm using
"@supabase/ssr": "^0.1.0"
"@supabase/supabase-js": "^2.39.7"
to solve this problem
@orenaksakal
Thanks for the comment.
I tried downgrading to the from you specified supabase-js version. I also tried using other older versions of the supabase-js package and downgrading to another older wrangler version.
This sadly all resulted in the same issue for me (Wrangler Cloudflare Worker).
How can this even be possible? I am 100% sure I deleted the node_modules
, .wrangler
folder, and the yarn.lock
file and then reinstalled the packages.
Remark.
Was able to temporarily fix it by specifying the auth-js
version explicitly in the package.json
.
{
"@supabase/auth-js": "^2.62.0",
"@supabase/supabase-js": "2.39.8"
/* other packages */
}
Edit: Sometimes only including @supabase/auth-js
does not fix the issue. In that case try to add the following to your package.json
: (found out by: https://github.com/cloudflare/workerd/issues/698#issuecomment-2029490141)
"overrides": {
"@supabase/auth-js": "^2.62.0"
}
I have the same issue, the latest working version for me is ^2.40.0
, i think is because of bump functions-js
This is causing Supabase Auth not to work when deployed to Cloudflare. Reverting back to an older version of supabase-js seems to be a temporary workaround.
@raventos. This is super weird. When I use that fix on a new cloudflare worker project it works and the bug is gone. But when I do the same thing on our project, the bug still persist. I even did git pull to a new folder and tried to run the project there and I still get the same result. I can't explain it.
There is something extremely weird, I suspect it relates to how npm works. I have a folder in which I had a new "hello world" cloudflare worker project which I added supabase to. First without the addition of "@supabase/auth-js": "^2.62.0". After adding the auth-js line, this project is working without showing the bug.
I now created a new hello world project, copied all the files from the working project to this one, and the bug returned.
I then copied the node_modules folder from the working project to the new one, and the new one started to work again. Note that the package.json file of both projects is identical, but until I copied the actual node_modules folder, one project was working and one was failing.
The issue is present and in version 2.42.0
I have the same issue. How do we solve this error?
For now the only solution that worked for me was to add the following to package.json:
"@supabase/auth-js": "^2.62.0", "@supabase/supabase-js": "^2.39.8",
and
"overrides": { "@supabase/auth-js": "^2.62.0" }
@nechmads Thank you, that was really helpful. There was no urgent need to upgrade supabase-js to v2.41.1, so I ran yarn remove @supabase/supabase-js and then reinstalled it with 2.39.8. After that, everything started working normally again.
If you're using the right version of the package, you shouldn't have to override.
"@supabase/ssr": "^0.1.0",
"@supabase/supabase-js": "^2.39.8",
Version 2.39.8 will only have access to the gotrue 2.62.2 version. Just make sure to uninstall then reinstall it.
Hoping this gets fixed soon.
J
@jdgamble555 This might be a solution for a group of people but for @nechmads and me downgrading was for some reason not enough.
And yes I made sure to clear the package cache, regenerate a package-lock.json
etc.
@davbauer The solution was to also add:
"overrides": { "@supabase/auth-js": "^2.62.0" }
to package.json. That solved it. Othrwise, somehow npm sometimes still linked to the newer version.
@nechmads I am very well aware of that if you look at my previous/edited comments days ago.
I was just saying that for some people like you and me downgrading alone is not enough.
"Error: The 'cache' field on 'RequestInitializerDict' is not implemented."
"@supabase/ssr": "latest",
"@supabase/supabase-js": "^2.40.0",
Cloudflare, nextjs, next-on-pages
You can override the fetch
for the time being by passing an option to createSupabaseClient()
, as this is a security measure in NextJS that likes to cache things too eagerly sometimes. We're looking into removing it when deemed safe.
Check the globals.fetch
option https://supabase.com/docs/reference/javascript/initializing
@hf
I tried overriding the fetch using the example in the docs and it doesn't fix the issue on SvelteKit. I'm not exactly sure what it means to override the fetch and how I should do it on SvelteKit so some extra clarification on how to use that option to fix this issue would be amazing.
I failed to notice I was using createServerClient from /ssr, which unfortunately doesn't have this option. Would appreciate some guidance on what to do then.
Hi @hf thanks for your helpful input!
The globals.fetch
override works fine with createClient
, but unfortunately not with createServerClient
imported from @supabase/ssr
, as @evwltrs has already mentioned.
I am using:
"@supabase/ssr": "^0.3.0",
"@supabase/supabase-js": "^2.42.4",
...
"@remix-run/cloudflare": "^2.8.1",
"@remix-run/cloudflare-pages": "^2.8.1",
"wrangler": "^3.50.0"
This is the error:
AuthRetryableFetchError: The 'cache' field on 'RequestInitializerDict' is not implemented.
at _handleRequest2 (file:///xxx/node_modules/@supabase/auth-js/src/lib/fetch.ts:188:11)
at async _request (file:///xxx/node_modules/@supabase/auth-js/src/lib/fetch.ts:151:16)
at null.<anonymous> (async file:///xxx/.wrangler/tmp/dev-i7rAm1/functionsWorker-0.6340959581380707.js:42787:16)
at async SupabaseAuthClient._useSession (file:///xxx/node_modules/@supabase/auth-js/src/GoTrueClient.ts:1053:14)
at async SupabaseAuthClient._getUser (file:///xxx/node_modules/@supabase/auth-js/src/GoTrueClient.ts:1195:14)
at null.<anonymous> (async file:///xxx/.wrangler/tmp/dev-i7rAm1/functionsWorker-0.6340959581380707.js:42773:58)
at null.<anonymous> (async file:///xxx/.wrangler/tmp/dev-i7rAm1/functionsWorker-0.6340959581380707.js:42685:154) {
__isAuthError: true,
status: 0,
code: undefined
}
}
And also would appreciate some guidance on this.
addition:
Using older versions as @jdgamble555 mentioned, does indeed not solve the error for me. I just get another one:
AuthApiError: invalid claim: missing sub claim
@yankustefan
I downgraded to "@supabase/supabase-js": "2.39.7"
and it solved the issue for me.
I haven't noticed the AuthApiError.
Still getting the error on "@supabase/auth-js": "^2.64.0"
Works in "@supabase/supabase-js": "^2.42.7",
👏🏻
Bug report
Describe the bug
When using the following method
supabase.auth.getUser(jwt?: string)
in my wrangler clouflare workers api I get following error:
To Reproduce
I am using wrangler cloudflare worker and I am using hono for routing, but either way these lines should trigger the error:
After that data is null and error includes the error, which is pasted above.
Expected behavior
It should just get the user as usual, this problem occurred just since today for me.
Screenshots
System information
Additional context
Also not sure if its an issue from cloudflare wrangler itself. Reference to issue: https://github.com/cloudflare/workerd/issues/698
Would be cool to know if there is anything I can do, since I am not able to continue from there on.
For some reason I never stumbled into that problem 3 days ago and I have not changed any files / package versions, which I can verify by my git history and also recloning my project.
Could it be that something got updated from the server-side of supabase which my cloudflare worker can not handle anymore?
Thank you!