Next.js doesn't support auth redirects in middleware for server actions
Daniel-Ash opened this issue · 2 comments
Improve documentation
Link
https://supabase.com/docs/guides/auth/server-side/nextjs
Describe the problem
Next.js will not follow middleware auth redirects in a server action. If a user's authentication is not valid (e.g. has expired), the server action returns a 307 but the user will not be redirected, which can be very confusing to debug.
This only happens when the redirect comes from the middleware layer. Calling redirect() in the server action is fine.
See discussion here, where they advise to add an auth check to each server action:
vercel/next.js#64993
Auth docs recommend checking auth on each action.
https://nextjs.org/docs/app/building-your-application/data-fetching/server-actions-and-mutations#authentication-and-authorization
Describe the improvement
Docs should say to skip POST requests in middleware and validate the user in each route.
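The split proposed above, as an added example that is not part of the original issue or the Supabase/Next.js docs: middleware redirects only non-POST requests, and each server action checks the user itself. Plain objects stand in for the Next.js request and response types; `LOGIN_PATH`, `middlewareDecision`, `withAuth`, `getUser` and `fakeRedirect` are assumed names.

```javascript
// Added example; all names here are assumptions, not Next.js or Supabase APIs.
const LOGIN_PATH = "/login";

// Middleware side: redirect unauthenticated page navigations only.
// POST requests (server actions here) pass through, because a 307 issued
// from middleware is not followed by the server action caller.
// Consequence: every POST handler must validate the user on its own.
function middlewareDecision(req, user) {
  if (req.method === "POST") return { type: "next" };
  if (user || req.pathname === LOGIN_PATH) return { type: "next" };
  return { type: "redirect", status: 307, location: LOGIN_PATH };
}

// Action side: wrap each server action so the auth check runs inside it.
// getUser: async () => user | null (stand-in for a server-side session lookup)
// redirect: aborts by throwing, as redirect() from next/navigation does
function withAuth(getUser, redirect, action) {
  return async function guardedAction(...args) {
    const user = await getUser();
    if (!user) redirect(LOGIN_PATH); // throws, so the action body never runs
    return action(user, ...args);
  };
}

// Constructed stand-in for the framework's redirect signal.
class RedirectSignal extends Error {
  constructor(location) { super("redirect"); this.location = location; }
}
const fakeRedirect = (location) => { throw new RedirectSignal(location); };

// Constructed scenario: an expired session (getUser resolves to null).
async function demo() {
  const expired = async () => null;
  const results = {
    middlewareOnPost: middlewareDecision({ method: "POST", pathname: "/dashboard" }, null).type,
    middlewareOnGet: middlewareDecision({ method: "GET", pathname: "/dashboard" }, null).type,
  };
  const rename = withAuth(expired, fakeRedirect, (user, name) => `${user.id}:${name}`);
  try {
    await rename("new-name");
    results.action = "ran";
  } catch (e) {
    results.action = e instanceof RedirectSignal ? `redirect:${e.location}` : "error";
  }
  return results;
}
```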
Same issue, for example, from incoming Stripe webhooks.
Oh wow!