How secure are server actions?
Sphecid wasp posted this in #help-forum
Sphecid wasp (OP)
I'm using parallel routes to render pages based on the user's role and I was thinking about putting role-specific server actions in the parallel route's folder. Is it possible for a user with another role to trigger those actions?
Answered by Yi Lon Ma
Server actions are just POST routes which anyone can trigger. They should be treated as just another API route and must authenticate and authorize the request first before doing any action.
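One way to apply the answer above, as an added example that is not part of the original thread and not Next.js's own API: the authentication and role check lives inside the action itself, so the folder or parallel route it sits in plays no part in access control. The names `sessions`, `getSession`, `checkAccess`, `withRole` and `deleteUser`, and the token argument standing in for a session cookie, are assumptions made for illustration.

```javascript
// Constructed session store standing in for a real cookie/session lookup.
const sessions = new Map([
  ["tok-admin", { userId: "u1", role: "admin" }],
  ["tok-member", { userId: "u2", role: "member" }],
]);

// Resolve the caller from the request's credential; unknown or missing tokens yield null.
function getSession(token) {
  return sessions.get(token) ?? null;
}

// Pure decision: is there a caller (authentication), and may they run this (authorization)?
function checkAccess(session, allowedRoles) {
  if (!session) return { ok: false, status: 401, error: "not authenticated" };
  if (!allowedRoles.includes(session.role)) {
    return { ok: false, status: 403, error: "forbidden" };
  }
  return { ok: true };
}

// Wrap an action so the check runs on every invocation, before any side effect.
function withRole(allowedRoles, action) {
  return async function guarded(token, ...args) {
    const session = getSession(token);
    const decision = checkAccess(session, allowedRoles);
    if (!decision.ok) return decision; // the action body never runs
    return { ok: true, data: await action(session, ...args) };
  };
}

// Constructed data and an admin-only action (hypothetical). In Next.js this function
// would live in a "use server" file and read the session from cookies.
const users = new Set(["u1", "u2", "u3"]);
const deleteUser = withRole(["admin"], async (session, targetId) => {
  users.delete(targetId);
  return { deletedBy: session.userId, targetId };
});
```

A caller with the `member` token gets a 403 result and `users` is unchanged, no matter which page rendered the form that posted to the action.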