Are `NEXT_PUBLIC_` env variables secure in server side components?

Unanswered

Transvaal lion posted this in #help-forum

Transvaal lionOP

2024-07-04T14:13:21.168Z

I want to use supabase in my nextjs project but I want to handle database insert in server component, if I expose an env variable in server component, is it gonna be public? can be exposed in the source code?

4 Replies

riský

2024-07-04T14:15:04.274Z

It the env var name begins with NEXT_PUBLIC_ your client will have it. If it doesnt, the only way would be you in server passing it down through props or just plain text.

Transvaal lionOP

2024-07-04T14:19:31.619Z

I am trying to use nextjs with supabase database for a form submission but I want to restrict the submission only coming from my site so I thought maybe I can use a secret token. If use a secret token in a server component, it is possible for the token to be leaked in client?

riský

2024-07-04T14:27:31.370Z

if it is sent over internet, then its leaked

like how would your server see it... through a formdata?