RLS insert still failing for anon role even with correct policy

I’m trying to submit a booking form from my frontend to a Supabase table bookings with RLS enabled. I’ve created the following policy:

CREATE POLICY "allow_anonymous_insert_bookings"
ON public.bookings
FOR INSERT
TO anon
WITH CHECK (true);

CREATE POLICY "allow_anonymous_insert_bookings"
ON public.bookings
FOR INSERT
TO anon
WITH CHECK (true);

which grants:

GRANT USAGE ON SCHEMA public TO anon;
GRANT INSERT ON public.bookings TO anon;
GRANT USAGE ON ALL SEQUENCES IN SCHEMA public TO anon;

GRANT USAGE ON SCHEMA public TO anon;
GRANT INSERT ON public.bookings TO anon;
GRANT USAGE ON ALL SEQUENCES IN SCHEMA public TO anon;

pg_policies confirms the policy is PERMISSIVE and exists for the anon role, and my call to a debug_auth() function shows:

[ { "current_user": "anon", "role": "anon", "uid": null } ]

[ { "current_user": "anon", "role": "anon", "uid": null } ]

So I KNOW I'm using the anon role. this is what the frontend code to insert looks like:

const { data, error } = await supabase
  .from('bookings')
  .insert([bookingData]);

const { data, error } = await supabase
  .from('bookings')
  .insert([bookingData]);

example contents of bookingData (to be submitted:

const bookingData = {
  name: "Test User",
  email: "test.user@example.com",
  phone: "5551234567",
  address: "123 Example Street",
  services: ["deep_clean"],
  add_ons: ["fridge", "window_washing"],
  date_time: "2025-09-15T14:30",
  special_instructions: "Please focus extra on the kitchen area.",
  estimated_price: 325,
  status: "pending"
};

const bookingData = {
  name: "Test User",
  email: "test.user@example.com",
  phone: "5551234567",
  address: "123 Example Street",
  services: ["deep_clean"],
  add_ons: ["fridge", "window_washing"],
  date_time: "2025-09-15T14:30",
  special_instructions: "Please focus extra on the kitchen area.",
  estimated_price: 325,
  status: "pending"
};

and finally the issue i am facing when trying to submit:

POST https://<project>.supabase.co/rest/v1/bookings?columns=...
401 Unauthorized
"new row violates row-level security policy for table \"bookings\""

POST https://<project>.supabase.co/rest/v1/bookings?columns=...
401 Unauthorized
"new row violates row-level security policy for table \"bookings\""

ANY help would be appreciated. It should be noted that this all works if i disable RLS, but I dont think thats a good idea for many reasons.

RLS insert still failing for anon role even with correct policy

I’m trying to submit a booking form from my frontend to a Supabase table bookings with RLS enabled. I’ve created the following policy:

CREATE POLICY "allow_anonymous_insert_bookings"
ON public.bookings
FOR INSERT
TO anon
WITH CHECK (true);

CREATE POLICY "allow_anonymous_insert_bookings"
ON public.bookings
FOR INSERT
TO anon
WITH CHECK (true);

which grants:

GRANT USAGE ON SCHEMA public TO anon;
GRANT INSERT ON public.bookings TO anon;
GRANT USAGE ON ALL SEQUENCES IN SCHEMA public TO anon;

GRANT USAGE ON SCHEMA public TO anon;
GRANT INSERT ON public.bookings TO anon;
GRANT USAGE ON ALL SEQUENCES IN SCHEMA public TO anon;

pg_policies confirms the policy is PERMISSIVE and exists for the anon role, and my call to a debug_auth() function shows:

[ { "current_user": "anon", "role": "anon", "uid": null } ]

[ { "current_user": "anon", "role": "anon", "uid": null } ]

So I KNOW I'm using the anon role. this is what the frontend code to insert looks like:

const { data, error } = await supabase
  .from('bookings')
  .insert([bookingData]);

const { data, error } = await supabase
  .from('bookings')
  .insert([bookingData]);

example contents of bookingData (to be submitted:

const bookingData = {
  name: "Test User",
  email: "test.user@example.com",
  phone: "5551234567",
  address: "123 Example Street",
  services: ["deep_clean"],
  add_ons: ["fridge", "window_washing"],
  date_time: "2025-09-15T14:30",
  special_instructions: "Please focus extra on the kitchen area.",
  estimated_price: 325,
  status: "pending"
};

const bookingData = {
  name: "Test User",
  email: "test.user@example.com",
  phone: "5551234567",
  address: "123 Example Street",
  services: ["deep_clean"],
  add_ons: ["fridge", "window_washing"],
  date_time: "2025-09-15T14:30",
  special_instructions: "Please focus extra on the kitchen area.",
  estimated_price: 325,
  status: "pending"
};

and finally the issue i am facing when trying to submit:

POST https://<project>.supabase.co/rest/v1/bookings?columns=...
401 Unauthorized
"new row violates row-level security policy for table \"bookings\""

POST https://<project>.supabase.co/rest/v1/bookings?columns=...
401 Unauthorized
"new row violates row-level security policy for table \"bookings\""

ANY help would be appreciated. It should be noted that this all works if i disable RLS, but I dont think thats a good idea for many reasons.

RLS insert still failing for anon role even with correct policy

RLS insert still failing for anon role even with correct policy

Similar Threads

Similar Threads

Similar Threads