Is it safe to run a https request to supabase using the anon key?
I guess it's fine but I shouldn't execute the block on the client.
1 Reply
Yes that should be fine - you can use the supabase anon key with the user’s JWT. You shouldn’t have any sensitive tables open to the anon key without the user key.
I recently posted a question though around authenticating the user when accessing the chat and that’s not possible according to the maintainer / developer which makes it open to people just brute-forcing their way through the sessions