fix(supabase): edge-function error handling + reject array headers

waleedlatif1 · waleedlatif1 · commit 78c3b4e39f21 · 2026-06-17T11:41:51.000-07:00
- invoke_function: drop unreachable !response.ok branch (executor throws on non-OK before transformResponse runs and surfaces the error body); document the success-only contract
- invoke_function: ignore non-object (array) headers so JSON arrays can't produce numeric-index header names
- block: reject array/non-object Edge Function headers with a clear error in config.params
diff --git a/apps/sim/blocks/blocks/supabase.ts b/apps/sim/blocks/blocks/supabase.ts
@@ -1122,6 +1122,17 @@ Return ONLY the PostgREST filter expression - no explanations, no markdown, no e
           parsedFunctionHeaders = functionHeaders
         }
 
+        if (
+          parsedFunctionHeaders !== undefined &&
+          (typeof parsedFunctionHeaders !== 'object' ||
+            parsedFunctionHeaders === null ||
+            Array.isArray(parsedFunctionHeaders))
+        ) {
+          throw new Error(
+            'Edge Function headers must be a JSON object of header name to value (not an array).'
+          )
+        }
+
         let parsedAllowedMimeTypes
         if (allowedMimeTypes && typeof allowedMimeTypes === 'string' && allowedMimeTypes.trim()) {
           try {
diff --git a/apps/sim/tools/supabase/invoke_function.ts b/apps/sim/tools/supabase/invoke_function.ts
@@ -87,7 +87,7 @@ export const invokeFunctionTool: ToolConfig<
         Authorization: `Bearer ${params.apiKey}`,
         'Content-Type': 'application/json',
       }
-      if (params.headers && typeof params.headers === 'object') {
+      if (params.headers && typeof params.headers === 'object' && !Array.isArray(params.headers)) {
         for (const [key, value] of Object.entries(params.headers)) {
           headers[key] = String(value)
         }
@@ -102,6 +102,11 @@ export const invokeFunctionTool: ToolConfig<
     },
   },
 
+  /**
+   * Only the success path is handled here — the tool executor throws on
+   * non-OK responses before `transformResponse` runs, surfacing the Edge
+   * Function's error body via the shared error extractor.
+   */
   transformResponse: async (response: Response) => {
     const contentType = response.headers.get('content-type') || ''
     let results: unknown
@@ -115,21 +120,6 @@ export const invokeFunctionTool: ToolConfig<
       results = await response.text()
     }
 
-    if (!response.ok) {
-      const message =
-        typeof results === 'object' && results !== null && 'error' in results
-          ? String((results as { error: unknown }).error)
-          : `Edge Function returned status ${response.status}`
-      return {
-        success: false,
-        output: {
-          message,
-          results,
-        },
-        error: message,
-      }
-    }
-
     return {
       success: true,
       output: {
