Caching Private Data
Unanswered
Capelin posted this in #help-forum
CapelinOP
Hi guys, as the title says, how are we absolutely sure Next.js doesn't cache private, user-specific data?
For example:
fetch('someuserdata', { cache: 'no-store' })
Allegedly, will not cache the user data.
But if a tired developer forgets to add no-store, doesn't this mean that sensitive user data is cached without any form of authenticating it?
What are your thoughts on this, and how do you manage this in client vs server components?
12 Replies
@Capelin Hi guys, as the title says, how are we absolutely sure Next.js doesn't cache private, user-specific data?
In v15 cache for fetch is opt in, so the tired dev will only accidentally forget to cache. You need to explicitly add code to ensure it is cached
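A server-side guard for the "tired developer" case raised in this thread, as an added example that is not part of the thread or of Next.js itself: it rejects cache opt-ins on requests that carry credentials and pins those requests to `no-store`. `guardedFetch`, `fetchImpl` and the credential header list are assumptions made for illustration.

```javascript
// Added example (not from the thread). guardedFetch, fetchImpl and the
// header list are hypothetical names chosen for this sketch.
const CREDENTIAL_HEADERS = ['authorization', 'cookie'];

// Lower-cased header names from any HeadersInit shape:
// a Headers instance, an array of [name, value] pairs, or a plain object.
function headerNames(headers) {
  if (!headers) return [];
  if (Array.isArray(headers)) return headers.map(([name]) => name.toLowerCase());
  if (typeof headers.forEach === 'function') {
    const names = [];
    headers.forEach((_value, name) => names.push(name.toLowerCase()));
    return names;
  }
  return Object.keys(headers).map((name) => name.toLowerCase());
}

function carriesCredentials(init = {}) {
  return headerNames(init.headers).some((n) => CREDENTIAL_HEADERS.includes(n));
}

// True when the options opt in to the Next.js server-side Data Cache.
function requestsCaching(init = {}) {
  const revalidate = init.next ? init.next.revalidate : undefined;
  return (
    init.cache === 'force-cache' ||
    revalidate === false || // false = cache indefinitely
    (typeof revalidate === 'number' && revalidate > 0)
  );
}

// Drop-in replacement for fetch in server code.
function guardedFetch(url, init = {}, fetchImpl = globalThis.fetch) {
  // Requests without credentials pass through with their options untouched.
  if (!carriesCredentials(init)) return fetchImpl(url, init);
  // A credentialed request that asks to be cached is a bug: fail loudly.
  if (requestsCaching(init)) {
    throw new Error(`refusing to cache credentialed request to ${url}`);
  }
  // Pin no-store so the result does not depend on the framework default.
  return fetchImpl(url, { ...init, cache: 'no-store' });
}
```

Server code would call `guardedFetch` wherever it currently calls `fetch`; browser-side fetches are outside its scope.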
@joulev In v15 cache for fetch is opt in, so the tired dev will only accidentally forget to cache. You need to explicitly add code to ensure it is cached
CapelinOP
Great!
And just to double check my understanding:
Fetching inside a useEffect to set a component state will still cache the fetch for the next client's rerender?
Say an incognito window on the same computer?
const [data, setData] = useState(null);
useEffect(() => {
  if (!data) {
    fetch('https://api.com/data')
      .then((response) => response.json())
      .then((data) => setData(data));
  }
}, [data]);
So doing the above fetch on a secure page, is in fact unsecure?
@Capelin Great!
client-side fetches cannot be cached, the cache in nextjs is server-side only
CapelinOP
Ah great, it is secure, got me quite worried there ^^
thanks joulev
@joulev client-side fetches cannot be cached, the cache in nextjs is server-side only
CapelinOP
btw, you haven't tried using Relay with next by any chance?
no, i haven't
CapelinOP
how would you handle types if your backend is graphql/graphene/django?
redeclare the types inside next?
graphql: codegen
graphene/django: idk because i have never done that yet
CapelinOP
ah, this is perfect, and would you use redux to manage user data?
if i need to. i usually don't need to.
CapelinOP
but redux would be your tool of choice for this type of task?