From 46aec0e0e4b9bfd24f222cccc20b575a87e3ddb9 Mon Sep 17 00:00:00 2001
From: Vinzent <vinzent03@proton.me>
Date: Tue, 2 Apr 2024 16:56:44 +0200
Subject: [PATCH 1/2] fix: don't send access token in rest broadcast

---
 packages/realtime_client/lib/src/realtime_channel.dart | 6 +-----
 packages/supabase/lib/src/supabase_client.dart         | 2 +-
 2 files changed, 2 insertions(+), 6 deletions(-)

diff --git a/packages/realtime_client/lib/src/realtime_channel.dart b/packages/realtime_client/lib/src/realtime_channel.dart
index ed2019aa..a82774bd 100644
--- a/packages/realtime_client/lib/src/realtime_channel.dart
+++ b/packages/realtime_client/lib/src/realtime_channel.dart
@@ -483,11 +483,7 @@ class RealtimeChannel {
     }
 
     if (!canPush && type == RealtimeListenTypes.broadcast) {
-      final headers = {
-        'Content-Type': 'application/json',
-        'apikey': socket.accessToken ?? '',
-        ...socket.headers
-      };
+      final headers = {'Content-Type': 'application/json', ...socket.headers};
       final body = {
         'messages': [
           {
diff --git a/packages/supabase/lib/src/supabase_client.dart b/packages/supabase/lib/src/supabase_client.dart
index 7b4b9500..141f854e 100644
--- a/packages/supabase/lib/src/supabase_client.dart
+++ b/packages/supabase/lib/src/supabase_client.dart
@@ -260,7 +260,7 @@ class SupabaseClient {
       params: {
         'apikey': _supabaseKey,
       },
-      headers: headers,
+      headers: {'apikey': _supabaseKey, ...headers},
       logLevel: options.logLevel,
       httpClient: _authHttpClient,
     );

From 986bbbea4d76d8bf90cbdd095d35c9d320125564 Mon Sep 17 00:00:00 2001
From: Vinzent <vinzent03@proton.me>
Date: Tue, 2 Apr 2024 17:36:06 +0200
Subject: [PATCH 2/2] test: add apikey header

---
 packages/realtime_client/test/channel_test.dart | 1 +
 1 file changed, 1 insertion(+)

diff --git a/packages/realtime_client/test/channel_test.dart b/packages/realtime_client/test/channel_test.dart
index 32ce5519..080f428f 100644
--- a/packages/realtime_client/test/channel_test.dart
+++ b/packages/realtime_client/test/channel_test.dart
@@ -248,6 +248,7 @@ void main() {
       mockServer = await HttpServer.bind('localhost', 0);
       socket = RealtimeClient(
         'ws://${mockServer.address.host}:${mockServer.port}/realtime/v1',
+        headers: {'apikey': 'supabaseKey'},
         params: {'apikey': 'supabaseKey'},
       );