feat(storage): expose purgeCache for buckets and single objects#2429
Merged
Conversation
@supabase/auth-js
@supabase/functions-js
@supabase/postgrest-js
@supabase/realtime-js
@supabase/storage-js
@supabase/supabase-js
commit: |
7964a89 to
a719dd5
Compare
grdsdev
requested changes
Jun 4, 2026
spydon
previously approved these changes
Jun 4, 2026
spydon
previously approved these changes
Jun 4, 2026
Contributor
Author
|
do not merge until @itslenny works on this |
Co-authored-by: Rodrigo Mansueli <rodrigo@mansueli.com>
cfa1faf to
23d176f
Compare
itslenny
previously approved these changes
Jun 22, 2026
grdsdev
reviewed
Jun 22, 2026
4b9ae03 to
59d1f93
Compare
grdsdev
previously approved these changes
Jun 22, 2026
itslenny
previously approved these changes
Jun 25, 2026
ferhatelmas
reviewed
Jun 26, 2026
ferhatelmas
reviewed
Jun 26, 2026
Member
This example from PR description needs an update as well, it might be from a previous iteration |
ferhatelmas
previously approved these changes
Jun 26, 2026
0971843 to
0445c49
Compare
ferhatelmas
approved these changes
Jun 26, 2026
grdsdev
added a commit
to supabase/sdk
that referenced
this pull request
Jun 29, 2026
…ilities (#44) * feat(storage): add purge_cache and purge_bucket_cache capabilities Registers two new canonical storage capabilities sourced from supabase/supabase-js#2429: - storage.file_buckets.purge_cache — invalidate CDN cache for a single object via StorageFileApi.purgeCache(path) - storage.file_buckets.purge_bucket_cache — invalidate CDN cache for an entire bucket via StorageBucketApi.purgeBucketCache() Both require a service_role JWT and the purgeCache tenant feature. * docs(storage): add spec files for purge_cache and purge_bucket_cache Adds human-readable specs for the two new CDN cache purge capabilities: - specs/storage/file_buckets/purge_cache.md - specs/storage/file_buckets/purge_bucket_cache.md Covers the HTTP endpoint, behavioral contract, service_role requirement, purgeCache tenant feature prerequisite, error conditions, and cross-links. * docs(storage): trim specs to SDK-only behavior * docs(storage): remove spec files for purge_cache and purge_bucket_cache * docs(storage): use 'capability' term in purge cache descriptions * docs(storage): update purge cache descriptions to mention transformations option
itslenny
approved these changes
Jun 29, 2026
This was referenced Jun 30, 2026
This was referenced Jun 30, 2026
This was referenced Jun 30, 2026
mandarini
pushed a commit
to supabase/ssr
that referenced
this pull request
Jun 30, 2026
This PR updates `@supabase/supabase-js` to v2.110.0. **Source**: supabase-js-stable-release --- ## Release Notes ## v2.110.0 ## 2.110.0 (2026-06-30) ### 🚀 Features - **repo:** drop Node.js 20 support ([#2482](supabase/supabase-js#2482)) ### ❤️ Thank You - Katerina Skroumpelou @mandarini ## v2.109.0 ## 2.109.0 (2026-06-30) ### 🚀 Features - **auth:** add custom_claims_allowlist to custom providers admin API ([#2473](supabase/supabase-js#2473)) - **realtime:** add postgres_changes filter builder, new operators and select ([#2463](supabase/supabase-js#2463)) - **storage:** expose purgeCache for buckets and single objects ([#2429](supabase/supabase-js#2429)) ### 🩹 Fixes - **functions:** honor a caller's Content-Type override regardless of casing ([#2455](supabase/supabase-js#2455)) - **realtime:** pin @supabase/phoenix and browser test CDN deps ([#2457](supabase/supabase-js#2457)) - **realtime:** add replication connection system message option ([#2470](supabase/supabase-js#2470)) - **storage:** keep sortBy defaults when list() is given a partial sortBy ([#2454](supabase/supabase-js#2454)) ### ❤️ Thank You - Anubhav Anand @i-anubhav-anand - Cemal Kılıç @cemalkilic - Claude Opus 4.8 (1M context) - Filipe Cabaço @filipecabaco - Katerina Skroumpelou @mandarini - Lenny - Rodrigo Mansueli @mansueli ## v2.108.2 ## 2.108.2 (2026-06-15) ### 🩹 Fixes - **auth:** preserve valid session on refresh failure and cooldown repeat failures ([#2436](supabase/supabase-js#2436)) - **realtime:** clarify httpSend() 404 error and server migration note ([#2444](supabase/supabase-js#2444)) - **release:** pin Deno and bound JSR publish to survive stranded-task hangs ([#2439](supabase/supabase-js#2439)) - **release:** restore JSR publish flags and enable for beta ([#2440](supabase/supabase-js#2440)) ### ❤️ Thank You - Katerina Skroumpelou @mandarini ## v2.108.1 ## 2.108.1 (2026-06-09) ### 🩹 Fixes - **ci:** forward DOGFOOD_APP_CLIENT_ID to dogfood workflow ([#2434](supabase/supabase-js#2434)) - **postgrest:** then typing ([#2349](supabase/supabase-js#2349)) ### ❤️ Thank You - Katerina Skroumpelou @mandarini - Vaibhav @7ttp This PR was created automatically. Co-authored-by: supabase-workflow-trigger[bot] <266661614+supabase-workflow-trigger[bot]@users.noreply.github.com>
mandarini
pushed a commit
to supabase/supabase
that referenced
this pull request
Jul 7, 2026
This PR updates @supabase/*-js libraries to version 2.110.1. **Source**: supabase-js-stable-release **Changes**: - Updated @supabase/supabase-js to 2.110.1 - Updated @supabase/auth-js to 2.110.1 - Updated @supabase/realtime-js to 2.110.1 - Updated @supabase/postgest-js to 2.110.1 - Refreshed pnpm-lock.yaml --- ## Release Notes ## v2.110.1 ## 2.110.1 (2026-07-07) ### 🩹 Fixes - **auth:** defer init-time notifications until initializePromise resolves ([#2498](supabase/supabase-js#2498)) - **realtime:** suppress disconnected status from onHeartbeat consumers ([#2496](supabase/supabase-js#2496)) ### ❤️ Thank You - Katerina Skroumpelou @mandarini ## v2.110.0 ## 2.110.0 (2026-06-30) ### 🚀 Features - **repo:** drop Node.js 20 support ([#2482](supabase/supabase-js#2482)) ### ❤️ Thank You - Katerina Skroumpelou @mandarini ## v2.109.0 ## 2.109.0 (2026-06-30) ### 🚀 Features - **auth:** add custom_claims_allowlist to custom providers admin API ([#2473](supabase/supabase-js#2473)) - **realtime:** add postgres_changes filter builder, new operators and select ([#2463](supabase/supabase-js#2463)) - **storage:** expose purgeCache for buckets and single objects ([#2429](supabase/supabase-js#2429)) ### 🩹 Fixes - **functions:** honor a caller's Content-Type override regardless of casing ([#2455](supabase/supabase-js#2455)) - **realtime:** pin @supabase/phoenix and browser test CDN deps ([#2457](supabase/supabase-js#2457)) - **realtime:** add replication connection system message option ([#2470](supabase/supabase-js#2470)) - **storage:** keep sortBy defaults when list() is given a partial sortBy ([#2454](supabase/supabase-js#2454)) ### ❤️ Thank You - Anubhav Anand @i-anubhav-anand - Cemal Kılıç @cemalkilic - Claude Opus 4.8 (1M context) - Filipe Cabaço @filipecabaco - Katerina Skroumpelou @mandarini - Lenny - Rodrigo Mansueli @mansueli This PR was created automatically. Co-authored-by: supabase-workflow-trigger[bot] <266661614+supabase-workflow-trigger[bot]@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Adds
storage.from(bucket).purgeCache(path)mapping to the Storage API'sDELETE /cdn/{bucket}/{path}endpoint. Calling it issues a CDN invalidation for the named object.What changed?
purgeCache(path, parameters?)onStorageFileApi. Returns{ data: { message }, error: null }on success or{ data: null, error }on failure. Threadsparametersthrough to the underlying fetch (e.g.AbortControllersignal), matching the shape used bydownload().handleOperation+_getFinalPath+removehelper plumbing. No new error types, no new dependencies, no new imports./cdn/{bucket}/{path}returns{ message }), server 404 surfacing asStorageApiError, and signal forwarding throughparameters.Why was this change needed?
Cache purging has been a long-standing ask. This supersedes #1742 (originally proposed by @mansueli in
supabase/storage-js#229).What this PR deliberately leaves out vs #1742:
purgeCacheByPrefix. The Storage server has no native prefix-purge endpoint. A client-sidelist()+ N individualDELETEs loop is silently non-recursive (the storage list endpoint is not recursive), unpaginated past 1000 objects, and sequential per object even with abatchSizeknob. If users need bulk invalidation, that should be solved server-side.Two operational gotchas:
service_roleJWT (enforceJwtRoles: [dbServiceRole]instorage/src/http/routes/cdn/index.ts). Anon or user JWT calls will be rejected.purgeCachetenant feature, and self-hosted deployments needCDN_PURGE_ENDPOINT_URLconfigured.Supersedes #1742.
Screenshots/Examples
Breaking changes
Additive: a new public method, no changes to any existing API.
Checklist
<type>(<scope>): <description>pnpm nx formatto ensure consistent code formattingAdditional notes
Server-side cross-reference for reviewers:
src/http/routes/cdn/purgeCache.tsinsupabase/storage. The route isfastify.delete('/:bucketName/*')mounted under/cdn.src/http/routes/cdn/index.tsregisters the route withenforceJwtRoles: [dbServiceRole]andrequireTenantFeature('purgeCache').src/storage/cdn/cdn-cache-manager.tsforwards toCDN_PURGE_ENDPOINT_URL(or errors out if unset).No integration test against the local Docker storage stack is included. The CDN purge endpoint requires
CDN_PURGE_ENDPOINT_URLplus thepurgeCachetenant feature, neither of which are configured in the local compose, so an integration test would either skip or fail spuriously. A manual smoke test against a hosted project with theservice_rolekey is recommended before promoting the canary to stable.