Thank you for your answer. For you, is 400MB/500MB usage normal? Thanks
Thank you Gary
Yes, sorry, I am a bit confused. I want to use the least risky solution. I will follow your advice and execute:
And keep using REST API
I just want to mask the display of the schema
thank you so much
Ok, thank you for the clear explanations. So for my case (only blocking access to the open-api schema), can I use the following command without problem (I am in production 😅)? ALTER ROLE authenticator SET pgrst.openapi_mode TO 'disabled'; NOTIFY pgrst, 'reload config' Even if it is for the role "authenticator", it will block the open-api schema for public, anon, and authenticated, right?
thank you for the link
Sorry, but I do not understand. What does the link that you sent do? Does it execute a pre-request on each request? How can it block access to the open-api schema?
so I can use either one
Thank you
What do you think about these 2 commands?
https://github.com/orgs/supabase/discussions/9464#discussioncomment-3893177
Thank you so much
Thanks for the suggestion! Unfortunately I'm using Supabase Cloud, so I don't have access to the PostgREST configuration. Because of that I can't set db-root-spec to override the OpenAPI response.
😉
I've just moved them into a private schema, it's better
thank you
Thanks for the info and your help! I’ve seen Supabase team members mention on Reddit that they’re working on it, so we’re really looking forward to it. And thanks to the team for the great work!
Thanks for the link, that’s helpful. The pre-request function approach makes sense. That said, it’s still a bit unfortunate there’s no built-in rate limiting, especially since the docs recommend exposing the public key client-side. Even with Cloudflare DDoS protection, it’s still possible to spam DB/RPC endpoints using the public key (I tested it). Some native per-IP or per-user throttling would be great to have.
Thank you
I have just tried, and now it is working
2.65.7
Thank you so much 🙌
Thanks a lot for the clarification, that’s very helpful 🙏 Just to clarify my original question: I was mainly referring to rate limits on database table queries (PostgREST / RPC) made from SSR, not specifically the Auth endpoints. Do similar rate-limit considerations apply there as well when all requests come from the same server IP? Thanks again!
🙂
thank you so much
Thank you so much Ibrahim, but why do I have to set verify-jwt as false? And where can I do it please? Thanks
thank you bro