Next.js doesn't support auth redirects in middleware for server actions #50
Labels
documentation
Improvements or additions to documentation
Comments
|
Same issue for example from Stripe Webhooks incoming. |
|
Oh wow! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Improve documentation
Link
https://supabase.com/docs/guides/auth/server-side/nextjs
Describe the problem
Next.js will not follow middleware auth redirects in a server action. If a user's authentication is not valid (e.g. has expired), the server action returns a 307 but the user will not be redirected - can be very confusing to debug.
This only happens when the redirect comes from the middleware layer. Calling redirect() in the server action is fine.
See discussion here, where they advise to add an auth check to each server action:
vercel/next.js#64993
Auth docs recommends checking auth on each action.
https://nextjs.org/docs/app/building-your-application/data-fetching/server-actions-and-mutations#authentication-and-authorization
Describe the improvement
Docs should say to skip POST requests in middleware and validate the user in each route.
The text was updated successfully, but these errors were encountered: