Supabase API Calls Only Work in WeWeb Editor and Postman, Not in Published Project

Ask us anything
, , ,
1

Hi all,

I’m running into a frustrating issue with WeWeb and Supabase that’s blocking my live app from authenticating users. Here’s what I’ve found after troubleshooting and gathering detailed logs, hoping someone in the community can help! I also submitted a ticket, but seeing it’s the weekend I figured maybe I can lean on the community for support.

What’s Happening:

  • Authenticated API calls to Supabase work perfectly in the WeWeb editor (preview mode) and in Postman.
  • The same requests return null from the published WeWeb project (live site).

What I’ve Tried:

  • When monitoring requests from the published site in Chrome DevTools:

    • The Authorization header is present with a valid JWT.
    • Supabase logs show the request, but there’s no user attached, leading to a null response.

  • Copying the same request (headers and all) from Chrome into Postman works fine.

  • Public (unauthenticated) requests work as expected everywhere.

  • There are no CORS errors, and the network request looks “normal” in the browser.

  • I’ve tested this on different browsers and devices with the same result.

Sample cURL Sent from WeWeb to Supabase (Working in Preview and Postman):

curl 'https://<your-project-id>.supabase.co/rest/v1/userroles?select=role%3Aroleid%28*%29&userid=eq.<user-uuid>' \
  -H 'accept: */*' \
  -H 'accept-profile: public' \
  -H 'apikey: [SUPABASE_ANON_KEY]' \
  -H 'authorization: Bearer [USER_JWT]' \
  -H 'origin: https://<your-weweb-preview-url>' \
  -H 'referer: https://<your-weweb-preview-url>/' \
  ... (other headers omitted)

(Works in both WeWeb preview and Postman, but fails with null in the published/live WeWeb project.)

Console Output (Published App):

serviceworker.js?_wwcv=26:4 Service worker v26 installed
serviceworker.js?_wwcv=26:8 Service worker v26 activated
main.js:76 wwLib.wwCollection.getCollectionData is DEPRECATED, use wwLib.wwUtils.getDataFromCollection instead.
(No CORS or network errors)

My Questions:

  1. Has anyone had Supabase authenticated requests fail only in the published WeWeb project, even when the same request (and JWT) works in preview/Postman?
  2. Is there any nuance or limitation in how WeWeb handles auth headers, tokens, or cookies between preview and published builds?
  3. Could the service worker or something about cookie settings, storage, or cross-site context be breaking Supabase’s ability to recognize the user session in production?
  4. Is there something special that needs to be configured in Supabase or WeWeb to ensure published projects pass JWT/auth tokens correctly?

Any help or even ideas for debugging further would be super appreciated! Happy to provide additional logs, screenshots, or headers if helpful.

Thanks in advance to anyone who can shed some light on this!

2

Damn… after a day of debugging, turns out the issue was somehow with AdGuard. Disabled it and immediately everything was working.

I’ll leave it up in case anyone else has a similar issue and is running an ad blocker. Annoying but glad I got it

1 Like
3

Hi Ken, thank you for for breaking down your problem and also for coming back to present your solution, this will help others in a similar situation :folded_hands:

1 Like