You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Problem: Our Edge Function requires an internal header x-internal-token (matches project secret INTERNAL_CRON_TOKEN). The same request works from an external terminal (curl) but returns 403 when called from:
our product (server-side Next.js route), and
Supabase “Test” tool (with x-internal-token set).
Expected: POST to the function should succeed when sending:
Authorization: Bearer
x-internal-token:
JSON body: { "job_id": "" }
Observed:
curl (external): 200 (job starts).
Product (server-side): 403.
Studio: 403 (even with the same x-internal-token value).
The function is deployed (latest version) and the Function URL is correct.
What we verified:
INTERNAL_CRON_TOKEN is set in project secrets.
We redeployed the function after changing secrets.
We are using the Function URL copied from the function page.
GET health checks can succeed via curl with the same token.
Ask:
Why does the same x-internal-token succeed from external curl but return 403 from the Studio tool and our server-side app?
Is there any known issue or header filtering in Studio or platform proxies that could prevent x-internal-token from reaching the function on POST?
How can we reliably confirm (on the platform side) that x-internal-token is arriving for these requests and diagnose why the function sees a mismatch only for Test/Product calls?
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
Supabase
Uh oh!
There was an error while loading. Please reload this page.
-
Problem: Our Edge Function requires an internal header
x-internal-token(matches project secretINTERNAL_CRON_TOKEN). The same request works from an external terminal (curl) but returns 403 when called from:x-internal-tokenset).Expected: POST to the function should succeed when sending:
Observed:
x-internal-tokenvalue).What we verified:
INTERNAL_CRON_TOKENis set in project secrets.Ask:
x-internal-tokensucceed from external curl but return 403 from the Studio tool and our server-side app?x-internal-tokenfrom reaching the function on POST?x-internal-tokenis arriving for these requests and diagnose why the function sees a mismatch only for Test/Product calls?Beta Was this translation helpful? Give feedback.
All reactions