Should i check for auth in my server actions?
Answered
Clumber Spaniel posted this in #help-forum
Clumber SpanielOP
Well, let's say i have a server action which somehow touches DB, should i perform authentication check inside of it? the action is only intended to be ran from protected page, which has already pass the auth check.
(the question basically is: can anyone run server actions?)
(the question basically is: can anyone run server actions?)
Answered by B33fb0n3
yes, should should check. Server actions are the same as an REST API Endpoint, just with better developer experience (DX). So secure them as you would do with REST APIs
3 Replies
@Clumber Spaniel Well, let's say i have a server action which somehow touches DB, should i perform authentication check inside of it? the action is only intended to be ran from protected page, which has already pass the auth check.
(the question basically is: can anyone run server actions?)
yes, should should check. Server actions are the same as an REST API Endpoint, just with better developer experience (DX). So secure them as you would do with REST APIs
Answer
Clumber SpanielOP
got it, thanks
happy to help