API data stored in JSON file inside in _next folder is exposed to anyone without any security ? Why?
Unanswered
Black imported fire ant posted this in #help-forum
Black imported fire antOP
API data stored in JSON file inside in _next folder is exposed to anyone without any security or Login in Next.JS application. Why is that ? Does that not beat the purpose of extra security by BFF?
2 Replies
Clown
What even is BFF? Protecting any kind of route or asset is your own responsibility.
The things that happen inside route handlers and private environment variables(the variables not prefixed with NEXT_PUBLIC_) are the only two things that are protected.
The things that happen inside route handlers and private environment variables(the variables not prefixed with NEXT_PUBLIC_) are the only two things that are protected.
Heck even the stuff in route handler is only protected cause its code that runs only server side and only its response is returned.