You have an Edge Function deployed on Supabase that requires user authentication. What will happen if a client calls this function without providing any authentication token?
Think about what happens when a protected resource is accessed without credentials.
Edge Functions that require authentication will reject requests without valid tokens, returning a 401 Unauthorized error to indicate the client must authenticate.
You want to call an Edge Function named hello from your client app using Supabase's JavaScript client. Which code snippet correctly sends a POST request with a JSON body {"name": "Alice"}?
Remember to specify the HTTP method and convert the body to a string.
The invoke method requires the HTTP method to be set to POST when sending a body, and the body must be a JSON string.
You have an Edge Function that accesses sensitive data. Your client app is public and runs in users' browsers. How should you protect the sensitive data when invoking the Edge Function?
Think about where sensitive data should be checked and who should have access.
Authentication and authorization should be enforced server-side in the Edge Function to ensure only authorized users access sensitive data. Client-side secrets can be exposed and are not secure.
Supabase Edge Functions have a maximum execution time limit. What is the expected behavior if a function exceeds this limit when called from a client?
Consider what happens when a serverless function exceeds its time limit.
Supabase Edge Functions have a hard timeout (usually 10 seconds). If exceeded, the function is stopped and the client receives a timeout error.
You want to protect your Supabase Edge Functions from CSRF attacks when called from a browser. Which approach is the most effective?
Think about how CSRF tokens and cookies work together to prevent attacks.
Using HTTP-only cookies with CSRF tokens validated server-side is a standard and effective way to prevent CSRF attacks. CORS alone does not prevent CSRF.