mirror of
https://github.com/supabase/supabase.git
synced 2026-05-07 06:27:16 +08:00
41f9ddd70c
## What Updates all `setAll` cookie handler implementations across docs and examples to accept the new `headers` second argument introduced in `@supabase/ssr` v0.10.0 ([supabase/ssr#176](https://github.com/supabase/ssr/pull/176)). ## Why `@supabase/ssr` v0.10.0 introduced a breaking change: `setAll` now receives a required second argument `headers: Record<string, string>` alongside the cookies array. When a token refresh occurs, the library passes cache headers (`Cache-Control`, `Expires`, `Pragma`) that must be applied to the HTTP response to prevent CDN caching of auth responses. Because TypeScript allows functions with fewer parameters to satisfy a type expecting more, existing `setAll` implementations do not produce a type error when the second argument is omitted. Users who copy an outdated snippet will silently miss the CDN protection. Root cause and context: [supabase/supabase-js#1682](https://github.com/supabase/supabase-js/issues/1682) ## Changes **Proxy/middleware contexts** (where token refreshes happen) now apply the cache headers to their response: - Next.js proxy files: `supabaseResponse.headers.set(key, value)` - SvelteKit hooks: `event.setHeaders(headers)` - Hono middleware: `c.header(key, value)` - Pages Router (Express-style): `ctx.res.setHeader(key, value)` - Remix/React Router loaders and actions: applied to response headers (outer `headers` variable renamed to `responseHeaders` to avoid naming conflict with the new param) **Server Component and API route contexts** (no response object available) accept `_headers` without applying them. ## Files updated - `apps/docs/content/guides/auth/server-side/creating-a-client.mdx` (inline Astro, Remix, React Router, Express snippets) - `apps/docs/content/_partials/oauth_pkce_flow.mdx` - `apps/docs/content/guides/auth/oauth-server/getting-started.mdx` - `apps/docs/content/guides/auth/passwords.mdx` - `apps/docs/content/troubleshooting/how-to-migrate-from-supabase-auth-helpers-to-ssr-package-5NRunM.mdx` - `examples/auth/nextjs/`, `examples/auth/nextjs-full/` (proxy + server) - `examples/auth/sveltekit/`, `examples/auth/sveltekit-full/` - `examples/auth/hono/`, `examples/auth/hono-full/` - `examples/user-management/nextjs-user-management/` (proxy + server) - `examples/user-management/sveltekit-user-management/` - `examples/realtime/nextjs-authorization-demo/` (proxy + server) - `examples/realtime/nextjs-auth-presence/` (pages router) - `examples/prompts/nextjs-supabase-auth.md`