"use server" best practices for API calls
Unanswered
Cinnamon posted this in #help-forum
Cinnamon (OP)
I'm finding conflicting info on this. If someone adds "use server"; to the top of a file, but the function in it is only ever invoked from other server-side code and is never referenced client-side, is there still a theoretical POST endpoint in the compiled application? Basically, does "use server" itself cause such an endpoint to be generated, or does the function have to actually be imported by client code before that will happen? I'm guessing this is not great practice either way, but I'm concerned about the potential security risk if one of these unnecessarily-tagged files were to expose a sensitive API call.
2 Replies
The endpoint abstraction makes sense when the function is called from the Client.
When you call it from the server it should behave like a regular async function, because you’re already on server land.
Anyway, the suggestion here is to mark with “use server” those functions that are intended to be reached by the client, and obviously, only for mutations
Asian black bear
It has been quite some time since they implemented "tree shaking" for unused server actions, but that was buggy and removed, and attempts to fix it afterwards were made again. Unfortunately I'm uncertain about the current state of it.
That being said, don't make assumptions and just don't mark functions with the directive unless you truly use them as server actions with all the required precautions.
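One way to act on the advice in this thread is to audit which files carry the directive at all. The script below is an added example, not code from the thread or from Next.js: it lists the exported async functions of every file that starts with a file-level "use server", so each one can be reviewed as if the client could reach it. The file paths, function names and sample sources are constructed for illustration.

```javascript
// Added example, not from the thread: a regex heuristic (not a full parser)
// that lists exports of files starting with a file-level "use server".
function stripLeadingTrivia(s) {
  // Drop leading whitespace and comments until the first real token.
  for (;;) {
    const t = s.replace(/^\s+/, "").replace(/^\/\/[^\n]*/, "").replace(/^\/\*[\s\S]*?\*\//, "");
    if (t === s) return s;
    s = t;
  }
}

// The directive only counts as the first statement, above any imports.
function hasFileLevelUseServer(src) {
  return /^(['"])use server\1\s*;?/.test(stripLeadingTrivia(src));
}

// Exported async function names in a "use server" file, else [].
function exportedActions(src) {
  if (!hasFileLevelUseServer(src)) return [];
  const patterns = [
    /export\s+async\s+function\s+([A-Za-z_$][\w$]*)/g,
    /export\s+(?:const|let|var)\s+([A-Za-z_$][\w$]*)\s*=\s*async\b/g,
  ];
  return patterns.flatMap((re) => [...src.matchAll(re)].map((m) => m[1]));
}

// Constructed sample sources; paths and function names are hypothetical.
const sampleFiles = {
  "lib/billing.js": `"use server";
import { db } from "./db";
export async function refundOrder(orderId) {}
export const listInvoices = async (userId) => {};
`,
  "lib/mailer.js": `// plain server-side module, no directive
export async function sendReceipt(to) {}
`,
  "lib/late.js": `import x from "y";
"use server";
export async function notADirective() {}
`,
};

// Report only the files whose exports need review as server actions.
function audit(files) {
  return Object.fromEntries(Object.entries(files)
    .map(([path, src]) => [path, exportedActions(src)])
    .filter(([, names]) => names.length > 0));
}

console.log(audit(sampleFiles));
```

Every function the report names should either have the directive removed, if it is only called from server code, or get its own authentication, authorization and input checks.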