Can anyone call my supabase function?
The best thing is to set up different levels of security: CORS headers, session check, etc.

If it's safe to have a call exposed depends on what the call does.

@Lucas G I understand, thanks. Sorry, but I have another question. I have authentication enabled for the call, but this does not solve all the problem: now an authenticated user has all the data, URL and the key to run the function whenever he wants, right? Do CORS headers help in this regard (AI told me they don't)? So basically, I want to call the function only when a button in my app is clicked and nowhere else.

Not something like a public key

@Lucas G many thanks. A further point I would like to make: in my edge function I added "'Access-Control-Allow-Origin': 'my_website.com'", which restricts API calls to my website. However, this does not prevent calls through Postman etc. Suggested solutions are Cloudflare or rate limiting? My question is: does toddle's own "proxy request" option help in this regard as a replacement to Cloudflare? Thanks.

which you can use to authenticate the call