-
-
Notifications
You must be signed in to change notification settings - Fork 231
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: add isServer
property to server-side storage adapters
#722
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
i'm not too clear as to why we can trust the cookies if isServer=false
- can you elaborate more on this?
We can't trust the cookies when
It's very easy to miss; it's also easy to miss by just thinking that In the reverse case where |
|
@hf but the same thing holds true if |
Yes, or to the underlying server -- which are both scenarios out of any security model on the web. |
Warn about using `getSession()` when the storage has `isSever` to true without previously having called `getUser()`. Warn each time the `user` is accessed as returned by `getSession()`. Relates to: - supabase/auth-helpers#722
This property will be picked up by auth-js (formerly known as gotrue-js) to warn or adjust behavior given that the storage medium (in this case cookies) cannot be trusted.