To set a file upload size limit in Supabase, open the Dashboard and go to Storage, select your bucket, click Edit Bucket, and set the maximum file size in bytes. You can also add client-side validation before upload to provide instant feedback. The default limit is 50 MB on free plans. Handle 413 Payload Too Large errors gracefully by checking file size before calling storage.upload().
Configuring File Upload Size Limits in Supabase Storage
Supabase Storage lets you control the maximum file size for each bucket independently. This tutorial shows you how to configure bucket-level size limits in the Dashboard, add client-side validation to reject oversized files before upload, and handle size-related errors. Setting proper upload limits protects your storage quota, prevents abuse, and provides a better user experience.
Prerequisites
- A Supabase project with at least one storage bucket
- Basic knowledge of JavaScript/TypeScript
- The Supabase client library installed in your project
Step-by-step guide
Configure the bucket file size limit in the Dashboard
Configure the bucket file size limit in the Dashboard
Open your Supabase Dashboard and navigate to Storage in the left sidebar. Click on the bucket you want to configure. Click the three-dot menu or Edit Bucket button. In the configuration panel, you will see a field for maximum file size. Enter the limit in bytes. For example, 5242880 equals 5 MB, and 10485760 equals 10 MB. Click Save. This limit applies to all uploads to this bucket regardless of how the upload is initiated (client SDK, API, or Dashboard).
Expected result: The bucket now rejects any file upload that exceeds the configured size limit with a 413 error.
Create or update a bucket with a size limit via SQL or API
Create or update a bucket with a size limit via SQL or API
You can also set the file size limit programmatically when creating or updating a bucket using the Supabase client or SQL. The fileSizeLimit property accepts a value in bytes. This is useful when automating bucket creation in migrations or setup scripts.
1import { createClient } from '@supabase/supabase-js'23const supabase = createClient(4 process.env.NEXT_PUBLIC_SUPABASE_URL!,5 process.env.SUPABASE_SERVICE_ROLE_KEY!6)78// Create a new bucket with a 5 MB limit9const { data, error } = await supabase.storage.createBucket('avatars', {10 public: true,11 fileSizeLimit: 5242880, // 5 MB in bytes12 allowedMimeTypes: ['image/png', 'image/jpeg', 'image/webp'],13})1415// Update an existing bucket's size limit16const { data: updated, error: updateError } = await supabase.storage.updateBucket('avatars', {17 fileSizeLimit: 10485760, // 10 MB in bytes18})Expected result: The bucket is created or updated with the specified file size limit.
Add client-side file size validation before upload
Add client-side file size validation before upload
Always validate the file size on the client before uploading. This provides instant feedback to the user and avoids wasting bandwidth on uploads that will be rejected by the server. Check the File object's size property and compare it against your limit. Show a clear error message if the file is too large.
1const MAX_FILE_SIZE = 5 * 1024 * 1024 // 5 MB23function validateFileSize(file: File): { valid: boolean; message: string } {4 if (file.size > MAX_FILE_SIZE) {5 const sizeMB = (file.size / (1024 * 1024)).toFixed(1)6 return {7 valid: false,8 message: `File is ${sizeMB} MB. Maximum allowed size is ${MAX_FILE_SIZE / (1024 * 1024)} MB.`,9 }10 }11 return { valid: true, message: '' }12}1314async function uploadFile(file: File, bucket: string, path: string) {15 const validation = validateFileSize(file)16 if (!validation.valid) {17 throw new Error(validation.message)18 }1920 const { data, error } = await supabase.storage21 .from(bucket)22 .upload(path, file, {23 cacheControl: '3600',24 upsert: false,25 })2627 if (error) throw error28 return data29}Expected result: Oversized files are rejected immediately on the client with a clear error message, without making a network request.
Handle 413 Payload Too Large errors
Handle 413 Payload Too Large errors
Even with client-side validation, always handle the server-side 413 error. This catches edge cases where the client check is bypassed or the file size changed between validation and upload. The Supabase storage client returns an error object with a statusCode field. Check for 413 and show a user-friendly message.
1async function handleUpload(file: File) {2 try {3 const { data, error } = await supabase.storage4 .from('documents')5 .upload(`uploads/${file.name}`, file)67 if (error) {8 if (error.message.includes('Payload too large') || error.message.includes('413')) {9 console.error('File exceeds the bucket size limit.')10 // Show user-friendly message11 return { success: false, message: 'This file is too large. Please upload a smaller file.' }12 }13 throw error14 }1516 return { success: true, path: data.path }17 } catch (err) {18 console.error('Upload failed:', err)19 return { success: false, message: 'Upload failed. Please try again.' }20 }21}Expected result: 413 errors are caught and displayed as a user-friendly message instead of a generic error.
Set different limits for different buckets
Set different limits for different buckets
Supabase lets you configure file size limits independently per bucket. This is useful when you have different upload requirements: small limits for profile avatars, larger limits for document uploads, and even larger limits for video files. Create separate buckets with appropriate limits for each use case. Remember to also set RLS policies on storage.objects for each bucket.
1-- Create buckets with different size limits using SQL2insert into storage.buckets (id, name, public, file_size_limit, allowed_mime_types)3values4 ('avatars', 'avatars', true, 2097152, '{image/png,image/jpeg,image/webp}'),5 ('documents', 'documents', false, 20971520, '{application/pdf,text/plain}'),6 ('videos', 'videos', false, 104857600, '{video/mp4,video/webm}');78-- RLS policy: users can upload to their own folder9create policy "Users upload to own folder" on storage.objects10 for insert to authenticated11 with check (12 auth.uid()::text = (storage.foldername(name))[1]13 );Expected result: Each bucket enforces its own maximum file size and accepted MIME types.
Complete working example
1import { createClient } from '@supabase/supabase-js'23const supabase = createClient(4 process.env.NEXT_PUBLIC_SUPABASE_URL!,5 process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!6)78const BUCKET_LIMITS: Record<string, number> = {9 avatars: 2 * 1024 * 1024, // 2 MB10 documents: 20 * 1024 * 1024, // 20 MB11 videos: 100 * 1024 * 1024, // 100 MB12}1314function formatFileSize(bytes: number): string {15 if (bytes < 1024) return `${bytes} B`16 if (bytes < 1024 * 1024) return `${(bytes / 1024).toFixed(1)} KB`17 return `${(bytes / (1024 * 1024)).toFixed(1)} MB`18}1920function validateFile(21 file: File,22 bucket: string23): { valid: boolean; message: string } {24 const maxSize = BUCKET_LIMITS[bucket]25 if (!maxSize) {26 return { valid: false, message: `Unknown bucket: ${bucket}` }27 }28 if (file.size > maxSize) {29 return {30 valid: false,31 message: `File size (${formatFileSize(file.size)}) exceeds the ${formatFileSize(maxSize)} limit for ${bucket}.`,32 }33 }34 return { valid: true, message: '' }35}3637export async function uploadFile(38 file: File,39 bucket: string,40 userId: string41): Promise<{ success: boolean; path?: string; error?: string }> {42 // Client-side validation43 const validation = validateFile(file, bucket)44 if (!validation.valid) {45 return { success: false, error: validation.message }46 }4748 // Upload to user-scoped folder49 const filePath = `${userId}/${Date.now()}-${file.name}`5051 const { data, error } = await supabase.storage52 .from(bucket)53 .upload(filePath, file, {54 cacheControl: '3600',55 upsert: false,56 })5758 if (error) {59 if (error.message.includes('Payload too large')) {60 return { success: false, error: 'File is too large for this bucket.' }61 }62 return { success: false, error: error.message }63 }6465 return { success: true, path: data.path }66}Common mistakes when setting File Upload Size Limit in Supabase
Why it's a problem: Setting the file size limit in megabytes instead of bytes in the Dashboard or API
How to avoid: The fileSizeLimit value is always in bytes. Multiply MB by 1048576 to get the correct value. For example, 5 MB = 5 * 1024 * 1024 = 5242880 bytes.
Why it's a problem: Only validating file size on the client and not handling server-side 413 errors
How to avoid: Always handle the 413 error from the Supabase storage API as a fallback. Client-side validation can be bypassed by modifying the code or making direct API calls.
Why it's a problem: Using the anon key to create or update bucket settings
How to avoid: Bucket management operations (create, update, delete buckets) require the service role key. Use the anon key only for file operations like upload and download.
Best practices
- Set the file size limit per bucket in the Dashboard to enforce limits server-side regardless of client behavior
- Always add client-side validation before upload to provide instant user feedback and save bandwidth
- Use separate buckets with different limits for different file types (avatars, documents, videos)
- Pair file size limits with allowedMimeTypes to prevent unexpected file type uploads
- Store uploaded files in user-scoped folders (userId/filename) and add corresponding RLS policies on storage.objects
- Display file size limits clearly in your upload UI so users know the constraints before selecting a file
- Log upload errors server-side for monitoring while showing user-friendly messages in the UI
Still stuck?
Copy one of these prompts to get a personalized, step-by-step explanation.
I need to set a 5 MB file upload limit on my Supabase storage bucket called avatars. Show me how to configure it in the Dashboard and add client-side validation in TypeScript before calling supabase.storage.upload().
Create a file upload component that validates file size against bucket-specific limits before uploading to Supabase Storage. Support three buckets (avatars at 2 MB, documents at 20 MB, videos at 100 MB) and handle 413 errors gracefully.
Frequently asked questions
What is the default file upload size limit in Supabase?
The default maximum file size is 50 MB on the free plan. Pro and Team plans support up to 5 GB per file. You can set a lower custom limit per bucket.
Can I set different size limits for different file types within the same bucket?
No, the file size limit is set per bucket, not per file type. To enforce different limits for different file types, create separate buckets with their own size limits and allowedMimeTypes.
What error does Supabase return when a file exceeds the size limit?
Supabase returns a 413 Payload Too Large error with a message indicating the file exceeds the bucket's configured maximum size.
Can I increase the file size limit beyond 50 MB on the free plan?
No, the free plan has a hard limit of 50 MB per file. Upgrade to the Pro plan to upload files up to 5 GB.
Does the file size limit apply to uploads from the Dashboard?
Yes, the bucket-level file size limit applies to all upload methods: the JavaScript client, REST API, and the Supabase Dashboard file manager.
How do I check the current size limit of a bucket?
Query the storage.buckets table in the SQL Editor: SELECT id, name, file_size_limit FROM storage.buckets; The file_size_limit column shows the limit in bytes.
Can RapidDev help configure storage limits and policies for my project?
Yes, RapidDev can set up your storage buckets with appropriate size limits, MIME type restrictions, and RLS policies tailored to your application's requirements.
Talk to an Expert
Our team has built 600+ apps. Get personalized help with your project.
Book a free consultation