Supabase Storage file upload - 403 Unauthorized
Hello everyone.
I've been trying to upload files into bucket (my backend express+nodejs) but getting 403 unauthorized constantly, despite RLS are created for INSERT, UPDATE, DELETE for authorized users.
const filePath =
const { data, error } = await supabase.storage.from('products').upload(filePath, file.buffer, {
upsert: true,
contentType: file.mimetype || 'application/octet-stream',
});
I want files sorted by folders. As folder name I want to use product sku (0001, 0002, 0003, etc.) which will be nested folders of the root folder (images). I have feeling that RLS don't work for nested folders in a bucket.
My RLS policies:
-- For INSERT operations (uploading files)
CREATE POLICY "Enable insert for authenticated users" ON storage.objects FOR INSERT
TO authenticated
WITH CHECK (bucket_id = 'products' AND auth.role() = 'authenticated');
-- For SELECT operations (reading/downloading files)
CREATE POLICY "Enable read access for all users" ON storage.objects FOR SELECT
USING (bucket_id = 'products' and name like 'public/%');
-- For UPDATE operations
CREATE POLICY "Enable update for authenticated users" ON storage.objects FOR UPDATE
USING (bucket_id = 'products' AND auth.role() = 'authenticated')
WITH CHECK (bucket_id = 'products' AND auth.role() = 'authenticated');
-- For DELETE operations
CREATE POLICY "Enable delete for authenticated users" ON storage.objects FOR DELETE
USING (bucket_id = 'products' AND auth.role() = 'authenticated');
What am I doing wrong? It's so frustrating. Bucket set as public.
I will be appreciated for any help or advice.
Thanks
I've been trying to upload files into bucket (my backend express+nodejs) but getting 403 unauthorized constantly, despite RLS are created for INSERT, UPDATE, DELETE for authorized users.
const filePath =
images/${product.sku}/${Date.now()}_${fileName};const { data, error } = await supabase.storage.from('products').upload(filePath, file.buffer, {
upsert: true,
contentType: file.mimetype || 'application/octet-stream',
});
I want files sorted by folders. As folder name I want to use product sku (0001, 0002, 0003, etc.) which will be nested folders of the root folder (images). I have feeling that RLS don't work for nested folders in a bucket.
My RLS policies:
-- For INSERT operations (uploading files)
CREATE POLICY "Enable insert for authenticated users" ON storage.objects FOR INSERT
TO authenticated
WITH CHECK (bucket_id = 'products' AND auth.role() = 'authenticated');
-- For SELECT operations (reading/downloading files)
CREATE POLICY "Enable read access for all users" ON storage.objects FOR SELECT
USING (bucket_id = 'products' and name like 'public/%');
-- For UPDATE operations
CREATE POLICY "Enable update for authenticated users" ON storage.objects FOR UPDATE
USING (bucket_id = 'products' AND auth.role() = 'authenticated')
WITH CHECK (bucket_id = 'products' AND auth.role() = 'authenticated');
-- For DELETE operations
CREATE POLICY "Enable delete for authenticated users" ON storage.objects FOR DELETE
USING (bucket_id = 'products' AND auth.role() = 'authenticated');
What am I doing wrong? It's so frustrating. Bucket set as public.
I will be appreciated for any help or advice.
Thanks
