Signed upload URL expiry?
Hey, is there any way to modify signed upload URL expiry?
I know supabase docs say they are 2 hours but im experiencing really weird behaviour with them which i absolutely cannot explain. Google gemini gives me this explanation but i am not sure if it is right or making things up..
My serverless worker received a signed PUT URL that resulted in a 400 Client Error: Bad Request during a cold start. The root cause appears to be a 60-second expiration time, which contradicts the expected 2-hour lifetime for signed upload URLs. The log contains:
2025-10-28T22:31:13.021994421Z worker-comfyui - PUT to signed URL failed (attempt 1/3). Retrying in 1.00s...: 400 Client Error: Bad Request for url: PUT [.....redactedURL....]/storage/v1/object/upload/sign/user-assets/[...]/ai-generated-assets/baseline-close-front.png?token=[FULL_TOKEN]
Where FULL_TOKEN =
eyJhbGciOiJIUzI1NiJ9.eyJvd25lciI6Ijg2YWI0OWY5LTY2ZjgtNGU5ZC04ZWIzLWIyZjQ4MTIzZTE1ZSIsInVybCI6InVzZXItYXNzZXRzL2VkN2I2NDk0LTEwN2ItNDBjOS04ZDVkLWE0NDI2ODk3OGY2My9jaGFyYWN0ZXJzL2VmNzA1ZWIwLTk4ZTctNDk5Zi04ZTNjLTYzYjE4YjNmZDJlNC9haS1nZW5lcmF0ZWQtYXNzZXRzL2Jhc2VsaW5lLWNsb3NlLWZyb250LnBuZyIsInVwc2VydCI6ZmFsc2UsImlhdCI6MTc2MTY5MDU2MywiZXhwIjoxNzYxNjkwNjIzfQ.gBSct2fnKf7Ms8EhF-GE5_ZpXq6JMDMpYkci8akzN3Y
When i decode that token I get:
{
"owner": "86ab49f9-66f8-4e9d-8eb3-b2f48123e15e",
"url": "user-assets/[....]/baseline-close-front.png",
"upsert": false,
"iat": 1761690563,
"exp": 1761690623
}
Issued At (iat): 1761690563 (2025-10-28 22:29:23 UTC)
Expires At (exp): 1761690623 (2025-10-28 22:30:23 UTC)
Calculated TTL: 60 seconds
How can this be the case if docs suggest 2 hour default and I am in no way explicitly setting it to 60 seconds anywhere in my code
I know supabase docs say they are 2 hours but im experiencing really weird behaviour with them which i absolutely cannot explain. Google gemini gives me this explanation but i am not sure if it is right or making things up..
My serverless worker received a signed PUT URL that resulted in a 400 Client Error: Bad Request during a cold start. The root cause appears to be a 60-second expiration time, which contradicts the expected 2-hour lifetime for signed upload URLs. The log contains:
2025-10-28T22:31:13.021994421Z worker-comfyui - PUT to signed URL failed (attempt 1/3). Retrying in 1.00s...: 400 Client Error: Bad Request for url: PUT [.....redactedURL....]/storage/v1/object/upload/sign/user-assets/[...]/ai-generated-assets/baseline-close-front.png?token=[FULL_TOKEN]
Where FULL_TOKEN =
eyJhbGciOiJIUzI1NiJ9.eyJvd25lciI6Ijg2YWI0OWY5LTY2ZjgtNGU5ZC04ZWIzLWIyZjQ4MTIzZTE1ZSIsInVybCI6InVzZXItYXNzZXRzL2VkN2I2NDk0LTEwN2ItNDBjOS04ZDVkLWE0NDI2ODk3OGY2My9jaGFyYWN0ZXJzL2VmNzA1ZWIwLTk4ZTctNDk5Zi04ZTNjLTYzYjE4YjNmZDJlNC9haS1nZW5lcmF0ZWQtYXNzZXRzL2Jhc2VsaW5lLWNsb3NlLWZyb250LnBuZyIsInVwc2VydCI6ZmFsc2UsImlhdCI6MTc2MTY5MDU2MywiZXhwIjoxNzYxNjkwNjIzfQ.gBSct2fnKf7Ms8EhF-GE5_ZpXq6JMDMpYkci8akzN3Y
When i decode that token I get:
{
"owner": "86ab49f9-66f8-4e9d-8eb3-b2f48123e15e",
"url": "user-assets/[....]/baseline-close-front.png",
"upsert": false,
"iat": 1761690563,
"exp": 1761690623
}
Issued At (iat): 1761690563 (2025-10-28 22:29:23 UTC)
Expires At (exp): 1761690623 (2025-10-28 22:30:23 UTC)
Calculated TTL: 60 seconds
How can this be the case if docs suggest 2 hour default and I am in no way explicitly setting it to 60 seconds anywhere in my code
