Description
Improve documentation
Link
https://supabase.com/docs/guides/auth/server-side/nextjs
Describe the problem
Next.js will not follow middleware auth redirects in a server action. If a user's authentication is not valid (e.g. has expired), the server action returns a 307 but the user will not be redirected - can be very confusing to debug.
This only happens when the redirect comes from the middleware layer. Calling redirect() in the server action is fine.
See discussion here, where they advise to add an auth check to each server action:
vercel/next.js#64993
Auth docs recommends checking auth on each action.
https://nextjs.org/docs/app/building-your-application/data-fetching/server-actions-and-mutations#authentication-and-authorization
Describe the improvement
Docs should say to skip POST requests in middleware and validate the user in each route.