[Bug / Feature Request] Supabase Insert action always sends select=* with no way to disable it

[Bug / Feature Request] Supabase Insert action always sends select=* with no way to disable it

Hi everyone,

I’m using the latest WeWeb Supabase plugin for an insert action on a public form. The table has Row Level Security (RLS) enabled on Supabase.

The problem:
The insert action always appends select=* to the request URL, which means after inserting a row, it also tries to SELECT it. This causes a RLS violation error (42501) for anon users because there is no SELECT policy for anonymous users — and there shouldn’t need to be one just to do an insert.

Expected behavior:
There should be an option to disable the SELECT after insert (return no columns / return=minimal), similar to the “Return inserted rows” toggle that existed in the older version of the plugin.

Current workaround:
I had to add a SELECT RLS policy for anon users, which is a security concern since it exposes rows to unauthenticated users.

Steps to reproduce:

1. Enable RLS on a Supabase table
2. Add an INSERT policy for anon role only (no SELECT policy)
3. Use WeWeb Supabase insert action with default settings
4. Trigger the action as an unauthenticated user
5. -> Error: new row violates row-level security policy

In the Advanced section, the “Return columns” dropdown only has All columns (*) with no option to set it to none or empty.

Is there a workaround within WeWeb, or can this be added back as a toggle?

image574×448 6.28 KB

Thanks!

Hey @seandy!
Thanks for flagging this and for sharing the detailed context.

I’ve created a product feedback ticket for this on your behalf. Going forward, feel free to create product feedback tickets directly here.