Comments (6)
However, even after all that, running the same RPC call results in 403 (permission denied for schema extensions).
Hm, maybe you're missing GRANT USAGE ON SCHEMA extensions TO service_role? (noted here)
Are there any potential downsides or security concerns with doing this?
No, granting usage to extensions is something we're going to do for all projects on a later fix. You only need to make sure your public schema tables/views/functions are secured according to your application logic.
from supabase-js.
Resolved - The pg_trgm extension is installed to the extensions schema by default. Removing it and reinstalling to pg_catalog schema resolved the issue:
DROP EXTENSION pg_trgm;
CREATE EXTENSION pg_trgm SCHEMA pg_catalog;
Could anyone clarify if this is safe to do, or if the original issue is a bug that could be fixed inside the library?
from supabase-js.
@ChronSyn Check this issue: supabase/postgrest-js#168
Also: supabase/supabase#1048 (comment)
from supabase-js.
Could anyone clarify if this is safe to do
Installing into pg_catalog is usually discouraged, since it pollutes an internal postgres namespace. Maybe you can just use extensions.similarity inside your function for now and grant the permissions as mentioned here.
from supabase-js.
Could anyone clarify if this is safe to do
Installing into pg_catalog is usually discouraged, since it pollutes an internal postgres namespace. Maybe you can just use extensions.similarity inside your function for now and grant the permissions as mentioned here.
I disabled the extension, and then re-enabled it via the dashboard. I've dropped my function, updated it to use the extensions.similarity call (from similarity), and then executed the query to add the function again. I then granted usage to anon and authenticated using the details in the link. I can see in pgAdmin that grantees anon and authenticated have the usage privilege (U), both with a grantor of postgres. I have also checked the search path for the API, and it is defined as public, extensions.
However, even after all that, running the same RPC call results in 403 (permission denied for schema extensions).
The link also mentions it won't happen for new projects - Would I need to spin up a completely new project in order for this to take effect?
If I grant usage to service_role (grant usage on schema extensions to service_role;), I am able to execute the function via rpc(). Are there any potential downsides or security concerns with doing this?
from supabase-js.
However, even after all that, running the same RPC call results in 403 (permission denied for schema extensions).
Hm, maybe you're missing GRANT USAGE ON SCHEMA extensions TO service_role? (noted here)
Yep - turns out that was the issue. Is that the user that RPC calls are routed through, and should I be concerned about it causing any potential security or performance issues?
from supabase-js.
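A way to diagnose the 403 discussed in this thread directly in SQL, added here as an example and not taken from any of the comments or from Supabase's own code. It assumes pg_trgm is installed in the extensions schema, that the three API roles named in the thread exist, and that the session role is allowed to SET ROLE to them; the sample strings are constructed.

```sql
-- 1. Which API roles can resolve objects in the extensions schema, and
--    which can execute pg_trgm's similarity()? Both checks raise an error
--    if the schema or function does not exist (for example, if the
--    extension was installed into pg_catalog instead).
SELECT r.rolname,
       has_schema_privilege(r.rolname, 'extensions', 'USAGE') AS schema_usage,
       has_function_privilege(r.rolname,
                              'extensions.similarity(text, text)',
                              'EXECUTE')                       AS fn_execute
FROM pg_roles AS r
WHERE r.rolname IN ('anon', 'authenticated', 'service_role')
ORDER BY r.rolname;

-- 2. Grant USAGE only to the role that step 1 shows is missing it.
--    USAGE allows name lookup inside the schema; it does not allow
--    creating objects there (that is CREATE), and each object still
--    enforces its own privileges. Functions are executable by PUBLIC
--    by default, so schema USAGE is usually the only missing piece.
GRANT USAGE ON SCHEMA extensions TO service_role;

-- 3. Reproduce the call as that role without going through the API.
--    SET LOCAL and ROLLBACK keep the role switch confined to this
--    transaction.
BEGIN;
SET LOCAL ROLE service_role;
SELECT extensions.similarity('supabase', 'supabse') AS score;
ROLLBACK;
```

If step 3 succeeds for a role but the RPC call still returns 403, the request is being made with a key that maps to a different role than the one tested.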