doubts about the safety of server actions
Unanswered
Barbary Lion posted this in #help-forum
Barbary LionOP
Hi guys, I know that are server actions are not exposed to the client, is it enough to assure if the user is allowed to do the action or i have to add more layers of security
4 Replies
@Barbary Lion Hi guys, I know that are server actions are not exposed to the client, is it enough to assure if the user is allowed to do the action or i have to add more layers of security
no. you need to check for authentication as you would for normal api routes
@joulev no. you need to check for authentication as you would for normal api routes
Barbary LionOP
Oh okay
@joulev no. you need to check for authentication as you would for normal api routes
Barbary LionOP
Thx for helping
American Crow
what joulev said and be aware of closures in server actions
https://nextjs.org/docs/app/building-your-application/data-fetching/server-actions-and-mutations#closures-and-encryption
https://nextjs.org/docs/app/building-your-application/data-fetching/server-actions-and-mutations#closures-and-encryption