-
Notifications
You must be signed in to change notification settings - Fork 250
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
migrate to new supabase ssr auth package #63
base: main
Are you sure you want to change the base?
Conversation
Very cool! Are you planning on updating once you find the remaining issues you described in #29? I'll hold off a detailed CR until then, probably. |
Yes, I'll have a look at it in a few hours. |
It looks like the warnings originate from I wanted to make PR fixing this into the supabase/auth-ui, but it says it's in "Maintenance mode" which I suppose means that the PR would go unmerged for a while. So we have a few options here. I'd be interested in hearing which one would you prefer, @scosman
|
I'd been meaning to add those stripe_customers definitions back to this repo, so I noticed you also added an id prop. Should that also be added to the creation of that table? CMSaasStarter/database_migration.sql Line 27 in 7904d41
|
You're right, there should be no |
@kizivat can you check the security concern? I think I got them all. I completely removed the old method so would have caused build errors if not (I think). That's urgent because... security. Should split that out into the minimal PR if there is anything left. For the rest: on vacation so won't be able to review till next week! But excited to get this in. |
You're right, you got them all, just double checked. I didn't notice you've removed original |
Thanks again for this PR. Looks good for quality (not final pass but initial looks good). However: those errors sure are annoying! I do think almost all are originating in our code. The fix suggested here (bit too much of a hack for my liking) does reduce the volume by 95%: supabase/auth-js#873 (comment) - now the code in question does come straight from the supabase guide.... Lots of other folks have the issue too, including after following latest official guides: supabase/auth-js#873 I'm hoping they update docs and/or lib with an approved approach, and am inclined to wait for that. Better old system than one firing lots of security warnings. Also would take this if you can find a clean way to fix this. Potentially the forms you mention, and the a fix to getSafeSession like the ones suggested in the link above? |
This seems to be the issue we're waiting on: supabase/auth-js#888 |
@kizivat Does this change work with |
well, this change removes the |
haha, of course. Okay, let's wait until supabase/auth-js#888 is resolved then. |
As I commented on #29 there are still few
warnings being logged. I'm unable to locate where they are coming from atm, but I'm opening this draft PR in case someone would like to have a look.