Server Actions create public endpoints, so be sure to secure them like you would API routes.

This is one of the things most developers don't know I think. They don't see the line between client and server. When Server Actions were introduced in Next.js, a lot of devs made a big mistake and got leaked server code or got abused by hackers because they didn't even know this.

Server actions are an unnecessary addition to the React API surface area. I won't be using them.

useless feature i guess nextjs created because they dont have product ideas😂😂😂😂😂😂😂

I think there are useless?

What is the best way to secure an API route?

auth

Wish they were executed at a known path, and not current route. Kinda makes middleware useless for them.

A feature that I don't see it using it at the moment considering that I could use nestjs, fastapi, etc

would a middleware, e.g. supabase, solve this issue?

How do I find that endpoint ?