Next.js Discord

Discord Forum

Server-side request forgery when using `fetch` in a component: fact or fiction?

Podenco Valenciano posted this in #help-forum
Open in Discord
Podenco ValencianoOP
Hi all.
I got a server-side request forgery warning on GitHub regarding a fetch in a component, which is using inputs from the URL. (
My understanding was that fetch is just a browser API that has nothing to do with the server, even if SSR can use it at build time. So this warning is mistaken.

But maybe I'm fundamentally misunderstanding something and this risk is real. Can you explain?

3 Replies

DirtyCajunRice | AppDir
that error makes zero sense.
the github bot needs to be addressed.
Podenco ValencianoOP
OK cool.