diff --git a/apps/web/app/(marketing)/page.tsx b/apps/web/app/(marketing)/page.tsx
index 241392cad..ae0664a92 100644
--- a/apps/web/app/(marketing)/page.tsx
+++ b/apps/web/app/(marketing)/page.tsx
@@ -282,7 +282,7 @@ function HeroTitle({ children }: React.PropsWithChildren) {
function Pill(props: React.PropsWithChildren) {
return (
-
+
{props.children}
@@ -321,20 +321,23 @@ function RightFeatureContainer(props: React.PropsWithChildren) {
function MainCallToActionButton() {
return (
-
+
);
}
diff --git a/apps/web/next.config.mjs b/apps/web/next.config.mjs
index fa81dfbc3..bfd5b58de 100644
--- a/apps/web/next.config.mjs
+++ b/apps/web/next.config.mjs
@@ -32,6 +32,7 @@ const config = {
},
experimental: {
mdxRs: true,
+ taint: true,
instrumentationHook: true,
optimizePackageImports: [
'recharts',
diff --git a/packages/supabase/src/get-service-role-key.ts b/packages/supabase/src/get-service-role-key.ts
index 84d4585e2..47edcc41a 100644
--- a/packages/supabase/src/get-service-role-key.ts
+++ b/packages/supabase/src/get-service-role-key.ts
@@ -1,5 +1,7 @@
import 'server-only';
+import { experimental_taintUniqueValue as taintUniqueValue } from 'react';
+
import { z } from 'zod';
const message =
@@ -11,16 +13,22 @@ const message =
* ONLY USE IN SERVER-SIDE CODE. DO NOT EXPOSE THIS TO CLIENT-SIDE CODE.
*/
export function getServiceRoleKey() {
- const serviceRoleKey = process.env.SUPABASE_SERVICE_ROLE_KEY;
-
- return z
+ const serviceRoleKey = z
.string({
required_error: message,
})
.min(1, {
message: message,
})
- .parse(serviceRoleKey);
+ .parse(process.env.SUPABASE_SERVICE_ROLE_KEY);
+
+ taintUniqueValue(
+ 'Do not pass the service role key to the client',
+ process,
+ serviceRoleKey,
+ );
+
+ return serviceRoleKey;
}
/**