is passing data from middleware to ssr pages via headers spoofable
Unanswered
Forest bachac posted this in #help-forum
Forest bachacOP
data passed from middleware to server component/ssr page via modifying headers cannot be spoofed/edited by client correct?
USE CASE:
middleware
page
USE CASE:
middleware
const sessionCookieValue = request.cookies.get(authCookieName)?.value;
const session = sessionCookieValue
? await checkSession(sessionCookieValue)
: null;
const requestHeaders = new Headers(request.headers);
requestHeaders.set(
"x-auth-user-id",
session === null ? "none" : session.toString()
);page
const headersList = headers();
const userId = headersList.get("x-auth-user-id");1 Reply
Forest bachacOP
bump