import { createBrowserClient } from '@supabase/ssr'; export function createClient() { return createBrowserClient( process.env.NEXT_PUBLIC_SUPABASE_URL!, process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!, { db: { schema: process.env.NEXT_PUBLIC_SUPABASE_SCHEMA || 'av' }, cookies: { getAll() { if (typeof document === 'undefined') return []; return document.cookie.split(';').map((cookie) => { const [name, ...rest] = cookie.trim().split('='); return { name, value: decodeURIComponent(rest.join('=')) }; }); }, setAll(cookiesToSet: Array<{ name: string; value: string; options?: any }>) { if (typeof document === 'undefined') return; cookiesToSet.forEach(({ name, value, options }) => { // Match server-side cookie attributes. Server uses Next.js // cookies().set(), which defaults to SameSite=Lax with no // Secure flag. Writing the same cookie name with different // SameSite/Secure from JS produces conflicting state in the // browser cookie store and breaks AuthContext on /contributor. let cookieString = `${name}=${encodeURIComponent(value)}; Path=${options?.path || '/'}; SameSite=Lax`; if (options?.maxAge) cookieString += `; max-age=${options.maxAge}`; if (options?.domain) cookieString += `; domain=${options.domain}`; if (options?.expires) cookieString += `; expires=${options.expires}`; document.cookie = cookieString; }); }, }, } ); }