Would it be safe to place secrets in route handlers/edge functions?
Answered
Floh posted this in #help-forum
FlohOP
I have a project using Supabase for auth, and I want to give users the option to delete their own account. The only way to do this with Supabase is with admin authorization using the service key (dangerous, bypasses all security, client can never see it).
Are api routes/route handlers/edge functions ever exposed to the client?
I would want to have for example:
I'm also a little confused on the difference between edge functions and route handlers.
Are api routes/route handlers/edge functions ever exposed to the client?
I would want to have for example:
app/auth/delete-account/route.tsI'm also a little confused on the difference between edge functions and route handlers.
Answered by joulev
Yes it is safe. The client only has access to the returned response, so as long as you don’t
return new Response(accessToken) you should be fine1 Reply
@Floh I have a project using Supabase for auth, and I want to give users the option to delete their own account. The only way to do this with Supabase is with admin authorization using the service key (dangerous, bypasses all security, client can never see it).
Are api routes/route handlers/edge functions ever exposed to the client?
I would want to have for example:
app/auth/delete-account/route.ts
I'm also a little confused on the difference between edge functions and route handlers.
Yes it is safe. The client only has access to the returned response, so as long as you don’t
return new Response(accessToken) you should be fineAnswer