Loading video...

Video Failed to Load

Go Home

Secure your server actions

asidorenko_'s profile picture

Alex Sidorenko

35,155 subscribers

75,025 views • 11 months ago •via X (Twitter)

Health & WellnessScience & TechnologyEducation
LIVE

Anya Rossi• Live Now

Private livecam show

10 Comments

Alex Sidorenko's profile picture
Alex Sidorenko11 months ago

Nuance: action ID is a unique hash. If you don't render it (like in the example when the user is not an admin), it would be hard to trigger your endpoint But in any case, server actions always create endpoints, and endpoints should be protected

Eduardo Borges's profile picture
Eduardo Borges11 months ago

damn... i probably missed that one in some project though I try to keep the actions inside a ./actions/delete-stuff.ts with 'use server' works right?

Alex Sidorenko's profile picture
Alex Sidorenko11 months ago

"use server" only ensures that the code in marked file never gets into the client-side js bundle You still need to protect your server actions as if they are separate callable endpoints (because they are)

Iaci's profile picture
Iaci11 months ago

I (who separates front- and backend) dont understand this

Ᵽøłskɨ Ƀøɍsȼħ's profile picture
Ᵽøłskɨ Ƀøɍsȼħ11 months ago

...or next-safe-action does this trick for you 😉

yo puaaa 👋's profile picture
yo puaaa 👋11 months ago

Too many people thought server actions were a magic black box that just made things work, without realizing it's just magic POST calls!

Daniel Still's profile picture
Daniel Still11 months ago

I love Next overall, but it's a way better experience to just use Route Handlers. Especially if you plugin a framework like Hono or Elysia for good conventions and plugins out of the box.

Legion Dev's profile picture
Legion Dev11 months ago

well its same like secure your api end point lol

Ruchir's profile picture
Ruchir11 months ago

I wonder how many security issues modern Next has created due to server actions lol.

Aurora Scharff's profile picture
Aurora Scharff11 months ago

Also this

Related Videos

Server Actions create public endpoints, so be sure to secure them like you would API routes.
0:20

Server Actions create public endpoints, so be sure to secure them like you would API routes.

Alex Sidorenko

83,586 views • 1 year ago

Server actions vs API routes in Next.js
1:43

Server actions vs API routes in Next.js

Alex Sidorenko

59,223 views • 1 year ago

Infinite scroll in Next.js 13 with server actions
1:42

Infinite scroll in Next.js 13 with server actions

Alex Sidorenko

166,376 views • 2 years ago

You MUST secure your web2 environment in order to secure your web3 environment. In this video, I show how one could steal a private key from your server using the react2shell exploit. Just by visiting your website. Update ASAP if you have not already!
2:29

You MUST secure your web2 environment in order to secure your web3 environment. In this video, I show how one could steal a private key from your server using the react2shell exploit. Just by visiting your website. Update ASAP if you have not already!

Patrick Collins

11,842 views • 5 months ago

"How do I exclude server actions from middleware in Next.js?" 👇
0:20

"How do I exclude server actions from middleware in Next.js?" 👇

Alex Sidorenko

23,415 views • 10 months ago

Local MCP servers can now be installed with one click on Claude Desktop. Desktop Extensions (.dxt files) package your server, handle dependencies, and provide secure configuration.
0:30

Local MCP servers can now be installed with one click on Claude Desktop. Desktop Extensions (.dxt files) package your server, handle dependencies, and provide secure configuration.

Anthropic

572,361 views • 11 months ago

How to revalidate a single item in the list after mutation with Server Actions
0:46

How to revalidate a single item in the list after mutation with Server Actions

Alex Sidorenko

70,276 views • 1 year ago

Discover the power of Firebase's MCP Server! 💪 This experimental tool streamlines communication and helps enable secure AI actions on behalf of users. Chapters: 0:00 - Introduction 1:02 - Set up an MCP Server 1:41 - Current Project Demo 2:48 - Data Connect Demo 3:35 - Setting an SMS Region Policy 4:14 - More tools
5:22

Discover the power of Firebase's MCP Server! 💪 This experimental tool streamlines communication and helps enable secure AI actions on behalf of users. Chapters: 0:00 - Introduction 1:02 - Set up an MCP Server 1:41 - Current Project Demo 2:48 - Data Connect Demo 3:35 - Setting an SMS Region Policy 4:14 - More tools

Firebase

14,336 views • 11 months ago

Building a Crypto Wallet MCP server to integrate with AI tools? ⚙️🤖 Don’t leave your private keys exposed on local setups. With Phala Cloud & NEAR Protocol MCP, you can deploy your Wallet MCP server inside a TEE—secure, verifiable, and easy to launch. Here’s how 🧵
1:10

Building a Crypto Wallet MCP server to integrate with AI tools? ⚙️🤖 Don’t leave your private keys exposed on local setups. With Phala Cloud & NEAR Protocol MCP, you can deploy your Wallet MCP server inside a TEE—secure, verifiable, and easy to launch. Here’s how 🧵

Phala

21,706 views • 1 year ago

API's Mike Sommers calls on Congress to build on President Donald J. Trump’ recent actions to secure America’s energy advantage: “Congress, it's your turn. It's your turn to unleash American energy dominance.”
0:31

API's Mike Sommers calls on Congress to build on President Donald J. Trump’ recent actions to secure America’s energy advantage: “Congress, it's your turn. It's your turn to unleash American energy dominance.”

American Petroleum Institute

16,624 views • 1 year ago

Analyze code and scan for vulnerabilities using natural language in your terminal 🔎 → Endor Labs built a Gemini CLI Extension that acts as an MCP server to help you maintain secure dependencies.
0:35

Analyze code and scan for vulnerabilities using natural language in your terminal 🔎 → Endor Labs built a Gemini CLI Extension that acts as an MCP server to help you maintain secure dependencies.

Google for Developers

40,408 views • 4 months ago

We will secure our borders. And we will secure your future.
0:58

We will secure our borders. And we will secure your future.

Keir Starmer

388,196 views • 1 year ago

new Kirimase update (0.0.57) Now supporting Lucia v3 (powered by server actions) It’s so fast, you can get your full stack Next.js app deployed to the web (w/ Vercel) in literally 2 minutes 🤯
3:26

new Kirimase update (0.0.57) Now supporting Lucia v3 (powered by server actions) It’s so fast, you can get your full stack Next.js app deployed to the web (w/ Vercel) in literally 2 minutes 🤯

Nico Albanese

10,167 views • 2 years ago

When your words don't match your actions
0:22

When your words don't match your actions

First Of His Kind

164,250 views • 5 months ago

Next.js: Authentication ※ Best practices for Server Components, Server Actions, and Middleware ※ Patterns like Data Access Layers, API Minimization, and Data Transfer Objects Also, aside from headshots, this video is entirely built in React 🤯
12:13

Next.js: Authentication ※ Best practices for Server Components, Server Actions, and Middleware ※ Patterns like Data Access Layers, API Minimization, and Data Transfer Objects Also, aside from headshots, this video is entirely built in React 🤯

Delba

116,317 views • 2 years ago

Secure your tickets now
0:45

Secure your tickets now

Anwar El Ghazi

375,013 views • 2 years ago

Win thru your actions
0:24

Win thru your actions

Big Money

112,584 views • 1 year ago

Build a 100% local, private, and secure MCP client. You can connect it to any MCP server. Step-by-step guide:
14:53

Build a 100% local, private, and secure MCP client. You can connect it to any MCP server. Step-by-step guide:

Akshay 🚀

15,560 views • 5 months ago