supabase/storage-js

Storage download from private buckets works still after sign out

Kadnium opened this issue · 1 comment

Bug report

Describe the bug

Private storage bucket files can still be downloaded after logging out of the Supabase session.

To Reproduce

  1. Create private bucket and add file
  2. Add policy for bucket auth.role() = 'authenticated' AND bucket_id = 'bucket_name'
  3. Try to download file as anon - works as intended and throws error
  4. Sign in user through supabase.auth.signIn method
  5. Try to download file as authenticated - works as intended and downloads the file
  6. Sign out user through supabase.auth.signOut method
  7. Try to download file as anon - download shouldn't work anymore but it works

Expected behavior

After signing user out, the file should not be able to be downloaded anymore.

Screenshots

Behavior of regular data and storage data compared before login, during session and after logout

storage_problem.mp4

System information

  • OS: Windows
  • Browser: Chrome
  • Version of supabase-js: 1.35.2
  • Version of Node.js: 16.13.2

Additional context

Is this problem caused by the CDN caching the images, with Supabase ignoring the policies because of that?

inian commented

Hi @Kadnium, this was a CDN misconfiguration that happened for a short period of time. This was fixed some time ago; let me know if you are still seeing this issue.
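
One way to re-run steps 3 to 7 of the report as a repeatable check. This is an added example, not part of the original issue or of Supabase's code. `checkSignOutRevokesAccess` and `makeFakeClient` are hypothetical names, and the fake client's caching behaviour is a constructed model of the reporter's question, not a description of the actual misconfiguration.

```javascript
// Added example: replays the report's steps 3-7 against any client exposing the
// supabase-js v1 calls named in the issue (auth.signIn, auth.signOut) plus
// storage.from(bucket).download(path). Returns what each download attempt did.
async function checkSignOutRevokesAccess(client, { email, password, bucket, path }) {
  const tryDownload = async () => {
    const { data, error } = await client.storage.from(bucket).download(path);
    return error || !data ? 'denied' : 'downloaded';
  };
  const before = await tryDownload();                          // step 3: anon
  const { error: signInError } = await client.auth.signIn({ email, password }); // step 4
  if (signInError) throw new Error('sign-in failed: ' + signInError.message);
  const during = await tryDownload();                          // step 5: authenticated
  const { error: signOutError } = await client.auth.signOut(); // step 6
  if (signOutError) throw new Error('sign-out failed: ' + signOutError.message);
  const after = await tryDownload();                           // step 7: anon again
  return {
    before, during, after,
    // The result only means something if the policy worked at all.
    policyEffective: before === 'denied' && during === 'downloaded',
    accessRevoked: after === 'denied',
  };
}

// Constructed stand-in for a client (assumption, not supabase-js itself) so the
// check runs offline. With cacheIgnoresAuth: true it models an edge cache that
// stores an object once an authenticated request fetched it and then serves it
// to any caller, which is the behaviour the reporter asks about.
function makeFakeClient({ cacheIgnoresAuth }) {
  let signedIn = false;
  const edgeCache = new Set();
  return {
    auth: {
      signIn: async () => { signedIn = true; return { user: {}, session: {}, error: null }; },
      signOut: async () => { signedIn = false; return { error: null }; },
    },
    storage: {
      from: (bucket) => ({
        download: async (path) => {
          const key = bucket + '/' + path;
          if (cacheIgnoresAuth && edgeCache.has(key)) return { data: 'bytes', error: null };
          if (!signedIn) return { data: null, error: { message: 'not authorized' } };
          edgeCache.add(key);
          return { data: 'bytes', error: null };
        },
      }),
    },
  };
}
```

Against a real project, pass a supabase-js v1 client in place of the fake one; `accessRevoked: false` together with `policyEffective: true` reproduces the reported behaviour.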