Hey mate, you've created a security definer function but doesn't look like you've created a policy to use that function?

e.g.

CREATE POLICY "Allow admins to update orgs" ON "public"."orgs"
AS PERMISSIVE FOR UPDATE
TO public
USING (id = any(public.user_orgs()))
WITH CHECK ('admin' = any(public.user_roles(id)));

Not sure if replying pings you so I'll ping you anyway @lanbau

i did create a policy on the join table.. in the using textarea i used is_member_of_investorstartup(startup_id, investor_id)

I'm a little confused how stored procedures interact with row table policies. I have RLS on for my tables and a stored procedure that increments a row on one of the tables by one. Shouldn't the stored procedure fail? There are no policies setup allowing inserts or updates and the function is not SECURITY DEFINER. Am I missing something?

Oh, I think it's because if you access supabase with server key you have access. Does that sound right?

But someone w/o the server key could call the rpc method it would just fail because they don't have proper access.

@zenny.eth I believe you’re correct 🙂

Just curious, is there a big focus on keeping supabase's postgesql version concurrent with the latest stable release of postgresql, or are we going to be working with v13.3 for a while?

Hi, does someone know if the is some way to customize the template for Confirm Signup or Reset Password. I mean adding some image, changing the sender mail?

You can write html into the template. I am sure you could just use an img tag.

A sweet feature would be able to programmatically build them.

is supabase a good candidate for a large scale application

Does supabase.com scale wide? What I mean is that my users are in the US and India/China, would the users in India/China see fast response times or is the server mostly in the US?

NVM, I can see that I choose when I create a project. Is there any future where this will be globally distributed? For example like fly.io

hi guys

can any one help me

its taking 10+s to fetch

can any one help me to fix it

Hi community guys, has anyone tried to upload an image from an online url? I tried it but always got an

application/octet-stream

mime type. Not sure what's wrong with my code. I created an issue here: https://github.com/supabase/supabase/issues/6916

Hi @Jan Tennert a field is missing in your #867347909741248532. Please precise how you're using Supabase

forgot that thanks

Deployed to vercel. I'm getting CORS error on this endpoint now

auth/v1/user'

If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

I've never seen this before on other projects. Has anyone seen this?

Did something change with supabase? My older projects the request for

auth/v1/user

is xhr, but this new project it's

fetch

. That's the only difference I can find?

Damn, stuck for an entire day on this. I have another project in production with almost exact same code that doesn't have this issue.

any way to subscribe to updates with graphql?

I noticed my organization got a crazy url, is there any way to customize it?

No, and I don’t think it super matters. The url isn’t client facing. You just store it to make API calls.

well it would be visible in the network inspector, just think its weird to see

crazy-turtle-xyz.supabase.io

in the URL. Maybe it would be nice to allow for a custom domain to proxy through