Should I check for auth in my server actions?
Answered
aa55h posted this in #help-forum
aa55hOP
Well, let's say I have a server action which somehow touches the DB, should I perform an authentication check inside of it? The action is only intended to be run from a protected page, which has already passed the auth check.
(the question basically is: can anyone run server actions?)
Answered by B33fb0n3
Yes, you should check. Server actions are the same as a REST API endpoint, just with better developer experience (DX). So secure them as you would do with REST APIs.
aa55hOP
got it, thanks
happy to help
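The accepted answer's advice as an added example, not code posted in the thread: a server action that re-checks the session, its arguments and record ownership itself instead of relying on the protected page. `Session`, `notes`, `getSession`, `updateNoteChecked` and `updateNote` are hypothetical names, and the session and data store are constructed in-memory stand-ins.

```typescript
// Constructed stand-ins so this runs outside Next.js. In a real app the file
// starts with 'use server', the session comes from the request's cookie via
// your auth library, and `notes` is a database table.
type Session = { userId: string } | null;
type Note = { ownerId: string; body: string };
type Outcome = "ok" | "unauthenticated" | "invalid" | "forbidden";

const notes = new Map<string, Note>([
  ["n1", { ownerId: "alice", body: "draft" }],
  ["n2", { ownerId: "bob", body: "private" }],
]);

let currentSession: Session = null; // hypothetical: set per request
async function getSession(): Promise<Session> {
  return currentSession;
}

// All checks live next to the write, so they hold no matter which page,
// script or hand-built POST request invokes the action.
function updateNoteChecked(session: Session, noteId: unknown, body: unknown): Outcome {
  if (!session) return "unauthenticated";
  // Arguments arrive from the network: validate them like a REST request body.
  if (typeof noteId !== "string" || typeof body !== "string" || body.length > 1000) {
    return "invalid";
  }
  const note = notes.get(noteId);
  // Same result for "missing" and "not yours" so note ids cannot be probed.
  if (!note || note.ownerId !== session.userId) return "forbidden";
  note.body = body;
  return "ok";
}

// The server action itself (exported in a real app) is a thin async wrapper.
async function updateNote(noteId: unknown, body: unknown): Promise<Outcome> {
  return updateNoteChecked(await getSession(), noteId, body);
}
```

The page-level auth check still decides what gets rendered; the check inside the action is what protects the write.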