Supabase email redirect always goes to localhost instead of production domain
I'm using Supabase with Next.js and having an issue where email redirects always go to localhost:3000 instead of my production domain https://my.prod-domain.com.
Setup:
Next.js app deployed to production
Supabase authentication with email update functionality
Environment variables correctly set for production
Code:
Production
APP_URL=https://my.prod-domain.com
Development
APP_URL=http://localhost:3000
Problem:
Even though my console.log shows the correct production URL (https://my.prod-domain.com/api/auth/update-email/...), when users click the email link, they're redirected to http://localhost:3000/api/auth/update-email/... instead.
What I've tried:
Verified environment variables are set correctly in production
Added redirect URLs to Supabase dashboard with * wildcard
Confirmed the emailRedirectTo parameter shows the correct production URL
Cleared browser cache and tested in incognito mode
Question:
Why is Supabase overriding my emailRedirectTo parameter and using localhost instead of the production domain? How can I ensure email links redirect to the correct production URL?
Setup:
Next.js app deployed to production
Supabase authentication with email update functionality
Environment variables correctly set for production
Code:
export const resetEmail = async (values: z.infer) => {
try {
const supabase = await createSupabaseServerClient();
const { data } = await supabase.auth.getUser();
const { error: invalidPassword } = await supabase.rpc('verify_password', {
current_plain_password: values.password,
});
if (invalidPassword) {
throw new Error('The provided current password is invalid. Please verify and try again.');
}
const redirectUrl = ${env.APP_URL}/api/auth/update-email/${data.user?.id}?email=${values.new_email};
console.log('Redirect URL:', redirectUrl); // Shows correct production URL
const { error } = await supabase.auth.updateUser(
{
email: values.new_email,
},
{
emailRedirectTo: redirectUrl,
}
);
if (error) {
throw new Error(${error.message});
}
return { success: true };
} catch (err) {
if (err instanceof Error) {
return { error: err.message };
}
}
};Production
APP_URL=https://my.prod-domain.com
Development
APP_URL=http://localhost:3000
Problem:
Even though my console.log shows the correct production URL (https://my.prod-domain.com/api/auth/update-email/...), when users click the email link, they're redirected to http://localhost:3000/api/auth/update-email/... instead.
What I've tried:
Verified environment variables are set correctly in production Added redirect URLs to Supabase dashboard with * wildcard Confirmed the emailRedirectTo parameter shows the correct production URL Cleared browser cache and tested in incognito modeQuestion:
Why is Supabase overriding my emailRedirectTo parameter and using localhost instead of the production domain? How can I ensure email links redirect to the correct production URL?
