fix(supabase): use internal URL for all server-side clients with cookie name matching

ROOT CAUSE FIX: All server-side Supabase clients (server-client, middleware-client, server-admin-client) now use SUPABASE_INTERNAL_URL (http://supabase-kong:8000) when available, with cookieOptions.name set to match the external URL's cookie key (e.g. sb-myeasycms-auth-token). This gives us: - Reliable Docker-internal networking (no hairpin NAT through Traefik) - Correct session cookie matching between browser and server - No more 500 errors on SSR pages that query Supabase Reverted per-page try/catch workarounds since root cause is now fixed.
2026-04-01 13:53:59 +02:00
parent 4aa11cd408
commit 49fd6b65b9
7 changed files with 64 additions and 29 deletions
--- a/packages/supabase/src/clients/middleware-client.ts
+++ b/packages/supabase/src/clients/middleware-client.ts
@@ -9,8 +9,8 @@ import { getSupabaseClientKeys } from '../get-supabase-client-keys';
 /**
 * Creates a middleware client for Supabase.
 *
- * @param {NextRequest} request - The Next.js request object.
- * @param {NextResponse} response - The Next.js response object.
+ * Uses SUPABASE_INTERNAL_URL when available for reliable Docker networking,
+ * with cookieOptions.name matching the external URL's cookie key.
 */
 export function createMiddlewareClient<GenericSchema = Database>(
  request: NextRequest,
@@ -18,7 +18,15 @@ export function createMiddlewareClient<GenericSchema = Database>(
 ) {
  const keys = getSupabaseClientKeys();

-  return createServerClient<GenericSchema>(keys.url, keys.publicKey, {
+  const internalUrl = process.env.SUPABASE_INTERNAL_URL;
+  const url = internalUrl || keys.url;
+
+  const cookieOptions = internalUrl
+    ? { name: deriveCookieName(keys.url) }
+    : undefined;
+
+  return createServerClient<GenericSchema>(url, keys.publicKey, {
+    ...(cookieOptions ? { cookieOptions } : {}),
    cookies: {
      getAll() {
        return request.cookies.getAll();
@@ -35,3 +43,13 @@ export function createMiddlewareClient<GenericSchema = Database>(
    },
  });
 }
+
+function deriveCookieName(supabaseUrl: string): string {
+  try {
+    const hostname = new URL(supabaseUrl).hostname;
+    const ref = hostname.split('.')[0]!;
+    return `sb-${ref}-auth-token`;
+  } catch {
+    return 'sb-localhost-auth-token';
+  }
+}