feat(getSession): option to suppress server side getSession warning manually #953
+4
−2
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
marcusklausen
changed the title
|
Can we please get this PR in? It isn't very pleasant these logs |
|
Several of users complained about this warning. Please consider this PR |
|
Please consider this. |
|
Found a temporary "fix" const originalWarn = console.warn;
console.warn = () => {
// supabase complaining
};
const {
data: { session },
} = await supabase.auth.getSession();
console.warn = originalWarn; |
thanks so much man, I've been trying to suppress these for ages. logs are finally usable again |
|
An option like this would be great. My previous solutionI went and used diff --git a/node_modules/@supabase/auth-js/dist/module/GoTrueClient.js b/node_modules/@supabase/auth-js/dist/module/GoTrueClient.js
index fb3b6e6..cd67819 100644
--- a/node_modules/@supabase/auth-js/dist/module/GoTrueClient.js
+++ b/node_modules/@supabase/auth-js/dist/module/GoTrueClient.js
@@ -809,7 +809,7 @@ export default class GoTrueClient {
get: (target, prop, receiver) => {
if (!suppressWarning && prop === 'user') {
// only show warning when the user object is being accessed from the server
- console.warn('Using the user object as returned from supabase.auth.getSession() or from some supabase.auth.onAuthStateChange() events could be insecure! This value comes directly from the storage medium (usually cookies on the server) and many not be authentic. Use supabase.auth.getUser() instead which authenticates the data by contacting the Supabase Auth server.');
+ // console.warn('Using the user object as returned from supabase.auth.getSession() or from some supabase.auth.onAuthStateChange() events could be insecure! This value comes directly from the storage medium (usually cookies on the server) and many not be authentic. Use supabase.auth.getUser() instead which authenticates the data by contacting the Supabase Auth server.');
suppressWarning = true; // keeps this proxy instance from logging additional warnings
this.suppressGetSessionWarning = true; // keeps this client's future proxy instances from warning
}But upgrading Supabase deps requires re-patching, which is less than ideal. My patch also supresses the warning everywhere, which might lead to issues in cases where it really is relevant. Being able to explicitly suppress this warning in cases where it's not helpful would be great. Updated patch for this approachFor anyone else that wants this feature ASAP without waiting for this PR to be merged, here's what my new
diff --git a/node_modules/@supabase/auth-js/dist/module/GoTrueClient.d.ts b/node_modules/@supabase/auth-js/dist/module/GoTrueClient.d.ts
index 4a30e44..74b02a8 100644
--- a/node_modules/@supabase/auth-js/dist/module/GoTrueClient.d.ts
+++ b/node_modules/@supabase/auth-js/dist/module/GoTrueClient.d.ts
@@ -169,9 +169,9 @@ export default class GoTrueClient {
* to the client. If that storage is based on request cookies for example,
* the values in it may not be authentic and therefore it's strongly advised
* against using this method and its results in such circumstances. A warning
- * will be emitted if this is detected. Use {@link #getUser()} instead.
+ * will be emitted if this is detected, unless suppressWarning is set to true. Use {@link #getUser()} instead.
*/
- getSession(): Promise<{
+ getSession(options?: { suppressWarning?: boolean }): Promise<{
data: {
session: Session;
};
diff --git a/node_modules/@supabase/auth-js/dist/module/GoTrueClient.js b/node_modules/@supabase/auth-js/dist/module/GoTrueClient.js
index 353bee1..66c107e 100644
--- a/node_modules/@supabase/auth-js/dist/module/GoTrueClient.js
+++ b/node_modules/@supabase/auth-js/dist/module/GoTrueClient.js
@@ -704,7 +704,8 @@ export default class GoTrueClient {
* against using this method and its results in such circumstances. A warning
* will be emitted if this is detected. Use {@link #getUser()} instead.
*/
- async getSession() {
+ async getSession(options) {
+ this.suppressGetSessionWarning = options?.suppressWarning ?? false
await this.initializePromise;
const result = await this._acquireLock(-1, async () => {
return this._useSession(async (result) => {This is specific to v2.64.2 of |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What kind of change does this PR introduce?
options param introduced on
getSessionwith asuppressWarningprop to suppress the following server warning:What is the current behavior?
Currently the warning is displayed whenever getSession is accessed from the server, this causes excessive logs and hurts DX.
#873
#895
What is the new behavior?
Warnings are suppress if
suppressWarning: trueinoptionsAdditional context
Add any other context or screenshots.