API response showing in view page source

Unanswered

Muawiyah posted this in #help-forum

2024-03-20T10:48:39.000Z

I am fetching API with server side rendering. but It's showing all of my API data in page source. such as email, password and other private information.
Does anyone know how to hide unused data from view page source.

9 Replies

MuawiyahOP

2024-03-20T10:49:00.000Z

Please ping me when you reply

@Muawiyah Please ping me when you reply

Plott Hound

2024-03-20T12:26:59.000Z

if you are fetching server side then it wont come up in the browser code, are you passing this data to a client component? it would help if you shared your code

@Plott Hound if you are fetching server side then it wont come up in the browser code, are you passing this data to a client component? it would help if you shared your code

MuawiyahOP

2024-03-20T14:06:38.000Z

I am fetching the data in server component. and getting the data in client component with the help of props

@Muawiyah I am fetching the data in server component. and getting the data in client component with the help of props

Plott Hound

2024-03-20T14:09:07.000Z

anything you pass down to the client (via props) will be visible in the client code

can you share the code where you pass the user data as props to the client component? you might need to be more selective about what you are passing down so there is no sensitive info being exposed

@Plott Hound can you share the code where you pass the user data as props to the client component? you might need to be more selective about what you are passing down so there is no sensitive info being exposed

MuawiyahOP

2024-03-21T04:42:10.000Z

I am sending the data to ProfileHeader from layout.jsx file

import PageNotFound from "@/components/error-pages/404";
import ProfileHeader from "@/components/shared/ProfileHeader";
import { fetchUser } from "@/lib/api/users";

import { ProfileLinks } from "@/constants";
import { currentUser } from "@/lib/api/auth";
import { UserType } from "@/types";
import ProfileLink from "@/components/shared/ProfileLink";
import { Metadata } from "next";

export const generateMetadata = async ({
  params: { locale, id },
}: {
  params: { locale: string; id: string };
}): Promise<Metadata> => {
  const user = await fetchUser(locale, id as string);

  return {
    title: user.name,
  };
};

const Layout = async ({
  children,
  params: { locale, id },
}: {
  children: React.ReactNode;
  params: { locale: string; id: string };
}) => {
  const follower = await currentUser();

  let user: UserType | null = null;
  if (follower) {
    user = await fetchUser(locale, id as string, follower?.id?.toString());
  } else {
    user = await fetchUser(locale, id as string);
  }

  if (!user?.id) return <PageNotFound />;

  return (
    <>
      <div>
        <ProfileHeader user={user} follower={follower} />

        <div className="items-center justify-center rounded-md bg-muted p-1 text-muted-foreground w-full grid md:grid-cols-4 mobile-lg:grid-cols-3 sm:grid-cols-4 grid-cols-2">
          {ProfileLinks.map((item, index: number) => (
            <ProfileLink key={index} item={item} user={user} />
          ))}
        </div>
      </div>

      {children}
    </>
  );
};

export default Layout;

Asian paper wasp

2024-03-21T07:11:23.000Z

If ProfileHeader is a client component, then yes, what you are seeing is expected

That's why Next.js has a blog for this, specifically this section:
https://nextjs.org/blog/security-nextjs-server-components-actions#component-level-data-access

MuawiyahOP

2024-03-21T08:19:28.000Z

okay thanks