For the layperson, does this mean this approach and everything that doesn't use it is not secure?
Building a private, out-of-date repo doesn't seem great either.
Not quite. This isn’t saying React or Next.js are fundamentally insecure in general.
The problem is this specific "call whatever server code the client asks" pattern. Traditional APIs with defined endpoints don’t have that issue.
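The contrast drawn in the reply above, as an added example that is not part of the thread and is not React or Next.js code: a constructed dispatcher that calls whatever function name the request supplies, next to a table of defined endpoints. All names here (`serverCode`, `purgeAuditLog`, `dispatchByClientName`, `dispatchByEndpoint`) are hypothetical.

```javascript
// Constructed server module: one function meant for clients, one internal helper.
const serverCode = {
  getProfile(userId) { return { id: userId, name: 'user-' + userId }; },
  purgeAuditLog() { return 'audit log purged'; }, // internal, not meant to be reachable
};

// Pattern 1: "call whatever server code the client asks".
// The request names the function, so everything the lookup can reach is exposed.
function dispatchByClientName(request) {
  const fn = serverCode[request.fn];
  if (typeof fn !== 'function') return { status: 404, body: null };
  return { status: 200, body: fn(...request.args) };
}

// Pattern 2: defined endpoints. The server owns the table; the client only picks
// an entry, and each handler validates its own input before touching server code.
const endpoints = new Map([
  ['GET /profile', (params) => {
    if (!/^[0-9]{1,9}$/.test(String(params.id))) return { status: 400, body: null };
    return { status: 200, body: serverCode.getProfile(Number(params.id)) };
  }],
]);

function dispatchByEndpoint(request) {
  const handler = endpoints.get(request.endpoint);
  if (!handler) return { status: 404, body: null };
  return handler(request.params || {});
}

// Constructed requests, run through both dispatchers.
function demo() {
  return {
    intended: dispatchByClientName({ fn: 'getProfile', args: [7] }),
    // The internal helper resolves just as easily as the public one.
    unintended: dispatchByClientName({ fn: 'purgeAuditLog', args: [] }),
    // So does a name inherited from Object.prototype that the module never defined.
    inherited: dispatchByClientName({ fn: 'toString', args: [] }),
    routed: dispatchByEndpoint({ endpoint: 'GET /profile', params: { id: '7' } }),
    unrouted: dispatchByEndpoint({ endpoint: 'POST /purgeAuditLog', params: {} }),
  };
}

console.log(demo());
```

With the endpoint table, adding a function to `serverCode` exposes nothing until someone also adds a route for it, which is the property the name-based dispatcher lacks.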