Auth-js does not handle Cloudflare Web server is down 521 error code correctly #1029
Description
Bug report
- I confirm this is a bug with Supabase, not with my own application.
- I confirm I have searched the Docs, GitHub Discussions, and Discord.
Describe the bug
We have supabase running behind cloudflare proxy. We discovered that when the machine is offline and cloudflare can't reach it, cloudflare responds with a "Web server is down" page, with net error code 521.
Auth-JS does not consider error code 521 auth-retryable. This causes it to delete the user's session token due to downtime of the server.
To Reproduce
- Host supabase behind cloudflare
- Stop server or stop listening on port so cloudflare considers the server down
- Try to resume a user sessions with auth-js
Expected behavior
Keeps retrying, does not delete the session state
Additional context
It defines error codes that are retryable here: https://github.com/supabase/auth-js/blob/master/src/lib/fetch.ts#L38
And despite the comment suggesting otherwise, code 521 does not get retried: https://github.com/supabase/auth-js/blob/master/src/lib/fetch.ts#L46
Instead it falls all the way down to error.json(), fails because cloudflare sends html not json, then gets wrapped into AuthUnknown and then session gets nuked forever.