-
-
Notifications
You must be signed in to change notification settings - Fork 321
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Realtime RLS Problems - Cannot INSERT or UPDATE, only DELETE #1114
Comments
I am experiencing this also, I was just coming to report this behavior... here's a video (below). As seen in the video below:
Screen.Recording.2024-08-04.at.1.35.55.PM.1.online-video-cutter.com.1.mp4
|
@filipecabaco just wanted to flag this on your end. Another weird thing about this bug... I am only experiencing this on the newest CLI version, with tables created after updating to v |
@filipecabaco major update to help debug this: I am experiencing this issue as early as supabase cli I am not experiencing this issue on supabase cli My best guess is that As a temporary work-around @rexhibition , you can use |
Thank you for your thorough report and suggested workaround. I hope this issue is resolved soon! 😊 I was a bit worried since hardly anyone had reported this before. |
thank you so much @barrownicholas 🙏 @rexhibition was the bug happening in an existing project, if so indeed one of the migrations could have broken something. Plus the |
Same exact issue with me, disabling RLS makes realtime work without issues but enabling it break insert/update events, running version 2.45.4 |
Hi 👋 Could you provide a repository or gist that is able to replicate the issue? |
Sure @filipecabaco ty for fast response: Example using prisma to replicate the exact setup, enables RLS & adds the tables to realtime table in the postinstall script so you can run the dev server > got to /test and it should log the issue, sometimes it gives an event but its "unauthorized" even though we're using the service_role key which should bypass RLS and sometimes it just doesn't catch the trigger, also I want to ask if realtime even works properly in server or is it supposed to only work on browser env? Moreover when we disable RLS the realtime updates work without issues so it doesn't seem to be an environment issue, you coudl try yourself in the postmigration.ts file to disable RLS and it should then work without issues whatsoever |
@filipecabaco sorry for being annoying but did you get any time to take a quick look at that? |
@Moe03 sorry for the delay, will check this Monday 👍 |
I ran into a potentially related issue with RLS and realtime yesterday. I was receiving I haven't found any documentation suggesting realtime If it sounds related I can reproduce the issue in a simplified example and share it here. |
@kadengriffith please do share, the more examples the better as it will help better understand it. I will work on this today still 🙏 sorry for the delay as there are multiple tracks on Realtime at the moment 😓 |
This is almost the exact issue I was facing. 'anon' role only got DELETE events, but I believe I actually did have policies for 'anon' because I could SELECT and INSERT as 'anon'. |
No problem. I'll get an example together 🫡 |
Interesting. That seems more like an entire RLS rule problem, but unsure. I'd have to look more closely at the example. It was really difficult for me to debug a separate JWT issue I was creating on my side because |
@filipecabaco, please see https://github.com/kadengriffith/supabase-realtime-1114 for reproduction 🙂 |
Actually after talking with a colleague I remembered of something really important 🤦 : Unfortunately we can't apply RLS policies to DELETE which is why it works for DELETE but not for INSERT and UPDATE. That's why DELETE always appears 😞 It's here in the documentation https://docs-git-docs-new-realtime-limitations-view-supabase.vercel.app/docs/guides/realtime/postgres-changes#receiving-old-records but I will add the feedback that this should be way more visible to users. |
@filipecabaco Gotcha! No issues on my end then 😊. Thanks for pointing to the docs. That's very helpful to know. Sorry to waste cycles! |
No waste! clearly that warning need to be more prominent in the docs |
@Moe03 I will still look at your scenario as it seems that there are more scenarios to take into consideration |
@Moe03 can you point me in the demo where you are creating the RLS policies for each table? I do see that you enable RLS but I don't see the settings of each RLS policy for each table. |
We only enable RLS without specifying any rules & I assume the service role bypassed these rules all together isn't that the case? |
@filipecabaco Alright I understand now, adding this line in the script: grant all on table "${tableName}" to service_role; fixes the issue and i'm able now to recieve updates, ty for your help! |
I am facing exactly opposite issue recently supabase/supabase#30027 |
Bug report
Describe the bug
My Supabase table when I set the primary key column to be NanoID caused a problem with Realtime detecting changes.
Basically, it only registers DELETE. When I INSERT or UPDATE anything in the table, Realtime doesn't detect it. When I set the primary key back to UUID by default, it's working fine.
However, when I disable RLS completely from that table. The Realtime works normally with NanoID. So I think there might be some problem with the RLS or authentication.
Screenshots
My VueJS code for subscribing & submiting data.
I even tried to create a public RLS but still not working.
System information
The text was updated successfully, but these errors were encountered: