undefined | Better HN

0 pointsdeergomoo1y ago0 comments

> redirecting to the sign-in page if you don’t have a session

Is this not access control?

0 comments

Yes. Yes it is. I guess this person has the same stance Vercel now has. Even Next.js docs can make up their mind of whether you should or should not do it. They reccomended it until yesteray, but then another major securityflaw was discovered that made it useless, and now they removed authentication from the docs.

The takeaway is that you should not do it. You should never use Next.js if you ever has somehting that is not supposed to be public for everyone.

No serious company uses Next.js after all the recent major security issues, at least not if they have and respect users data.

j / k navigate · click thread line to collapse

0 comments

NorwegianDude1y ago

The takeaway is that you should not do it. You should never use Next.js if you ever has somehting that is not supposed to be public for everyone.

No serious company uses Next.js after all the recent major security issues, at least not if they have and respect users data.

j / k navigate · click thread line to collapse