Closed ymc9 closed 3 months ago
Name | Status | Preview | Comments | Updated (UTC) |
---|---|---|---|---|
zenstack-new-site | ✅ Ready (Inspect) | Visit Preview | 💬 Add feedback | Jun 27, 2024 8:52am |
[!WARNING]
Review failed
The pull request is closed.
The change adds a warning to the Supabase authentication guide, advising against using the `getSession` API for validated user identity. Instead, it recommends using `getUser`, which provides remote validation of user identity. This update aims to enhance security by ensuring user data is validated remotely, as discussed in a referenced GitHub discussion.
Files | Change Summary |
---|---|
docs/guides/authentication/supabase.md | Added a warning about using the getSession API and recommended using getUser for security. |
```mermaid
sequenceDiagram
    participant User as User
    participant App as Application
    participant Supabase as Supabase
    User->>App: Requests user session
    App->>Supabase: getSession()
    Supabase-->>App: Session data (unvalidated)
    App-->>User: Response with session data (potential security risk)
    Note over App: Previous Flow
    User->>App: Requests user session
    App->>Supabase: getUser()
    Supabase-->>App: Validated user data
    App-->>User: Response with validated user data
    Note over App: Updated Flow
```
Summary by CodeRabbit
`getSession` API and recommended using `getUser` for validated user identity, including a reference to a relevant GitHub discussion.
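The difference between the two flows in the walkthrough, as an added example that is not part of the pull request or of the ZenStack guide. It uses a stub client that mimics the return shapes of supabase-js `auth.getSession()` and `auth.getUser()`; the stub, its token table, the helper names and both cookies are constructed for illustration.

```javascript
// Added example: a stub, not the real supabase-js client.
// Constructed: tokens the stand-in Auth server recognises, and the users they belong to.
const AUTH_SERVER_TOKENS = { "tok-alice": { id: "alice", role: "authenticated" } };

// Stand-in for a server-side client whose session storage is a request cookie.
function makeStubClient(cookieSession) {
  return {
    auth: {
      // Returns whatever is in storage; nothing is checked with the Auth server.
      async getSession() {
        return { data: { session: cookieSession }, error: null };
      },
      // Models the remote check: the Auth server returns the user the token belongs to.
      async getUser() {
        const user = cookieSession && AUTH_SERVER_TOKENS[cookieSession.access_token];
        return user
          ? { data: { user }, error: null }
          : { data: { user: null }, error: new Error("invalid JWT") };
      },
    },
  };
}

// Previous flow: identity read from the session object (client-supplied data).
async function identityFromSession(supabase) {
  const { data } = await supabase.auth.getSession();
  return data.session ? data.session.user : null;
}

// Updated flow: identity is null unless the Auth server vouches for the token.
async function identityFromUser(supabase) {
  const { data, error } = await supabase.auth.getUser();
  return error ? null : data.user;
}

// Constructed cookie: a valid token, but the embedded user object does not match it.
const editedCookie = { access_token: "tok-alice", user: { id: "bob", role: "authenticated" } };
// Constructed cookie: a token the Auth server does not know.
const unknownCookie = { access_token: "tok-unknown", user: { id: "bob" } };

(async () => {
  for (const cookie of [editedCookie, unknownCookie]) {
    const client = makeStubClient(cookie);
    console.log(await identityFromSession(client), await identityFromUser(client));
  }
})();
```

Whatever object is handed to access-control code as the current user should come from the second helper's path, so a mismatch or an unknown token yields no identity rather than the cookie's claim.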