ERR-576/Supabase · auth

ERR-576

Click signup → no loading, no error, no redirect

appears when:User clicks the signup button and the page does not change — no Console error visible unless DevTools is open

signup button does nothing

Silent signup failures are almost always a Supabase env var, a CORS block, or an RLS policy rejecting the profile insert. The error exists — the UI just never renders it.

Last updated 17 April 2026 · 5 min read · By Hyder Shah

Emergency triage — $299 Free diagnostic

Direct answer

Signup button does nothing means the onClick handler threw and the error was swallowed. Check DevTools Console for Cannot read properties of undefined (missing NEXT_PUBLIC_SUPABASE_ANON_KEY), a CORS block, or a Supabase RLS rejection (PGRST116 / 42501). Add an onClick handler wrapped in try/catch that renders the error in the UI, not just console.log.

Quick fix for signup button does nothing

components/signup-button.tsx

tsx

01async function handleSignup() {02  setLoading(true);03  setError(null);04  try {05    const { error } = await supabase.auth.signUp({ email, password });06    if (error) throw error;07    router.push("/onboarding");08  } catch (e) {09    // Render this in the UI — never rely on console-only logging10    setError((e as Error).message);11  } finally {12    setLoading(false);13  }14}15 16// In JSX:17<button onClick={handleSignup} disabled={loading}>18  {loading ? "Signing up..." : "Sign up"}19</button>20{error && <p role="alert" style={{ color: "red" }}>{error}</p>}

onClick handler + type='submit' inside a form wrapper + visible error render — fixes 80% of silent signup failures

Deeper fixes when the quick fix fails

01 · Wrap the button in a form and use type='submit'

components/signup-form.tsx

tsx

01// Both mouse and keyboard (Enter) submissions work02<form onSubmit={handleSignup}>03  <input name="email" type="email" required />04  <input name="password" type="password" required />05  <button type="submit" disabled={loading}>Sign up</button>06</form>

02 · Move profile creation to a SECURITY DEFINER trigger

supabase/migrations/profiles_trigger.sql

sql

01create or replace function public.handle_new_user()02returns trigger03language plpgsql04security definer05set search_path = public06as $$07begin08  insert into public.profiles (id, email)09  values (new.id, new.email);10  return new;11end;12$$;13 14create trigger on_auth_user_created15  after insert on auth.users16  for each row execute function public.handle_new_user();

SECURITY DEFINER bypasses RLS for the insert so new users always get a profile row

Why AI-built apps hit signup button does nothing

Lovable, Bolt, and Cursor scaffold signup flows that call supabase.auth.signUp inside an onClick handler wrapped in a basic try block that catches but does not surface the error. The generated code often looks like try { await supabase.auth.signUp(...) } catch(e) { console.log(e) }. That satisfies the generator’s lint rules but leaves the user staring at an unchanged page. Button appears dead; the error landed in the devtools Console and nowhere else.

The most common underlying failure is a missing environment variable. AI generators write NEXT_PUBLIC_SUPABASE_URL and NEXT_PUBLIC_SUPABASE_ANON_KEY into a local .env file that never gets copied to Vercel. On production, the Supabase client initializes with undefined values, and every method call throws Cannot read properties of undefined. The user sees nothing because the error is caught by the silent try-catch.

The third common cause is Row-Level Security on a post-signup trigger. The auth.signUp call succeeds and creates a user in auth.users, but a trigger tries to insert a corresponding row into public.profiles and the RLS policy blocks it. Postgres returns 42501 or the Supabase client returns PGRST116. The user account exists but the profile is missing — a half-signed state the UI has no concept of handling.

signup button does nothing by AI builder

How often each AI builder ships this error and the pattern that produces it.

AI builder × signup button does nothing

Builder	Frequency	Pattern
Lovable	Every auth scaffold	try/catch logs to console, never surfaces to UI
Bolt.new	Common	Omits NEXT_PUBLIC_SUPABASE_ANON_KEY from Vercel deploy
v0	Common	Button onClick handler not attached after hydration
Cursor	Sometimes	Profile insert trigger missing SECURITY DEFINER
Base44	Rare	CORS origin list only contains localhost

Related errors we fix

Stop signup button does nothing recurring in AI-built apps

→Always render errors in the UI — never rely on console.log in production.
→Validate process.env with zod at boot so missing NEXT_PUBLIC_SUPABASE_ANON_KEY fails the build.
→Define post-signup profile triggers as SECURITY DEFINER with explicit search_path.
→Add a Playwright test: fill the signup form, submit, assert redirect to /onboarding.
→Log Supabase auth errors with error.message into an APM (Sentry) — they are invisible otherwise.

Still stuck with signup button does nothing?

Emergency triage · $299 · 48h turnaround

We restore service and write the root-cause report.

start the triage →

Free Rescue Diagnostic

$0 · 30 min

Emergency Triage

$299 · 48h turnaround

signup button does nothing questions

Why does my signup button do nothing when clicked?+

The onClick handler throws an error that is caught silently — a missing NEXT_PUBLIC_SUPABASE_ANON_KEY, a CORS block, or a network failure. The UI shows no loading state and no error toast because the error handler was never wired up. Open DevTools Console and click the button; the real message will appear. If Console is empty, check Network tab for a failed request.

What does a CORS error look like in this case?+

Console shows 'Access to fetch at ... from origin ... has been blocked by CORS policy.' Network tab shows status (failed) or preflight OPTIONS returning 405. Cause is usually a Supabase or custom API not configured to accept requests from your production domain. Add the domain to the CORS allowlist on the backend.

How do I know if it is a missing environment variable?+

DevTools Console shows 'ReferenceError' or 'Cannot read properties of undefined'. Specifically 'Cannot read properties of undefined (reading auth)' means the Supabase client failed to initialize because NEXT_PUBLIC_SUPABASE_URL or NEXT_PUBLIC_SUPABASE_ANON_KEY is undefined. Confirm both are set for Production in Vercel and redeploy.

Can Supabase RLS cause a signup button to fail silently?+

Yes. If a trigger inserts a profile row on signup and Row-Level Security blocks the insert, auth.signUp returns a user but the follow-up profile insert fails with 42501 or PGRST116. If the error is not displayed, it looks like nothing happened. Check Supabase logs for the RLS failure and either adjust the policy or define the trigger as SECURITY DEFINER.

How long does it take to fix a dead signup button?+

Ten to thirty minutes once the cause is identified. Diagnosis in DevTools takes two minutes — CORS and env vars are five-minute fixes; RLS policies take longer if the schema needs understanding first. If you cannot reproduce the error yourself, pairing with an engineer makes the fix deterministic.

Next step

Ship the fix. Keep the fix.

Emergency Triage restores service in 48 hours. Break the Fix Loop rebuilds CI so this error cannot ship again.