docs: add warning regarding db-pre-request usage (#41354)

This commit is contained in:
Filipe Cabaço
2025-12-16 09:08:27 +00:00
committed by GitHub
parent 9274b81bd7
commit feecf1f121
3 changed files with 39 additions and 0 deletions
@@ -0,0 +1,31 @@
<Admonition type="caution">
The `pgrst.db_pre_request` configuration only works with the **Data API** (PostgREST). It does not work with Realtime, Storage, or other Supabase products.
If you're using `db_pre_request` to call a function (like `set_information()`) that sets up context or performs checks on every request, and you need similar behavior for other Supabase products, you must call the function directly in your Row Level Security (RLS) policies instead.
**Example:**
If you have a `db_pre_request` function that calls `set_information()` that returns `true` to set up context or perform checks, and you have an RLS policy like:
```sql
create policy "Individuals can view their own todos."
on todos for select
using ( (select auth.uid()) = user_id );
```
To achieve the same behavior with other Supabase products, you need to call the function directly in your RLS policy:
```sql
create policy "Individuals can view their own todos."
on todos for select
using ( set_information() AND (select auth.uid()) = user_id );
```
This ensures the function is called when evaluating RLS policies for all products, not just Data API requests.
**Performance consideration:**
Be aware that calling functions directly in RLS policies can impact database performance, as the function is evaluated for each row when the policy is checked. Consider optimizing your function or using caching strategies if performance becomes an issue.
</Admonition>
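Review bot: in the second policy example, `set_information()` is called bare while `auth.uid()` in the same `using` clause is wrapped in `(select ...)`, and the performance paragraph right after it warns about per-row evaluation. Consider writing the clause as `using ( (select set_information()) AND (select auth.uid()) = user_id )` so the example does not show the pattern the warning is about. It would also help to state that the policy only passes when the function returns `true`: a `false` or `null` result hides every row without raising an error. Minor wording: "calls `set_information()` that returns `true`" reads better as "calls `set_information()`, which returns `true`".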
@@ -97,6 +97,8 @@ This configures the `public.check_request` function to run on every Data API req
notify pgrst, 'reload config';
```
<$Partial path="db_pre_request_warning.mdx" />
Inside the function you can perform any additional checks on the request headers or JWT and raise an exception to prevent the request from completing. For example, this exception raises a HTTP 402 Payment Required response with a `hint` and additional `X-Powered-By` header:
```sql
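Review bot: the partial's example is written around `set_information()` returning `true`, but the hook on this page is `public.check_request`, which the following paragraph describes as signalling failure by raising an exception. A reader cannot copy `set_information() AND ...` into a policy unless their function returns a boolean, so either add a sentence here mapping the advice onto `check_request`, or let the partial say what return type the function needs. Also consider placing the include after the "Inside the function you can perform..." paragraph and its example, so the caution follows the explanation of what the hook does instead of interrupting it.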
@@ -249,6 +251,8 @@ alter role authenticator
notify pgrst, 'reload config';
```
<$Partial path="db_pre_request_warning.mdx" />
To clear old entries in the `private.rate_limits` table, set up a [pg_cron](/docs/guides/database/extensions/pg_cron) job to clean them up.
</TabPanel>
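Review bot: in this rate-limiting tab the included advice has a side effect the partial does not mention. It recommends calling the pre-request function inside RLS policies and notes that it is then "evaluated for each row", so a function that records entries in `private.rate_limits` would count rows rather than requests if moved into a policy as written. Suggest adding a sentence to the partial, or next to this include, saying that functions with per-request side effects such as counters need to be adapted before being used in a policy.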
@@ -329,6 +333,8 @@ alter role authenticator
notify pgrst, 'reload config';
```
<$Partial path="db_pre_request_warning.mdx" />
</TabPanel>
</Tabs>
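Review bot: this is the third include of `db_pre_request_warning.mdx` in the same file (after the ones at lines 97 and 251), and here it sits as the last element before `</TabPanel>`. Since the caution is identical in every tab, consider a single include after `</Tabs>` in place of one per `TabPanel`, which keeps the page shorter and avoids the same long admonition rendering three times.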
@@ -88,6 +88,8 @@ alter role authenticator set pgrst.db_pre_request to 'filter_plan_requests';
notify pgrst, 'reload config';
```
<$Partial path="db_pre_request_warning.mdx" />
Replace `'123.123.123.123'` with your actual IP address.
## Disabling explain
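Review bot: the include is placed between the code block and "Replace `'123.123.123.123'` with your actual IP address.", which refers to that code block. With a multi-paragraph admonition in between, the instruction is separated from the snippet it describes. Move `<$Partial path="db_pre_request_warning.mdx" />` to after the "Replace ..." sentence, just before `## Disabling explain`.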