nextjs

Nextjs question.. 
How are others verifying FE requests are valid on the server side, or is that just not necessary in nextjs if I’m using actions?

As the line between reality and fantasy is increasingly becoming blurred, I want to be in a position to share the best of what I’ve been given. OP Delegate

what framework are you coming from that required you to verify validity of requests on the server side?

Founder of @cryptojobslist / 
.ts connoisseur / 
co-org at Solidity Singapore https://github.com/soliditysingapore with @weijie

Here’s my understanding- If any api is publicly available via http, then the validity of requests coming from the front end is not guaranteed, unless a secure cookie, bearer token, or JWT is present and can be verified. I’d love more information on how that concern is handled with next.js though!

I might be using Valid, when I actually mean Authenticated, sorry for mixing terms there. So you’re getting at the heart of my question - with Next.js server actions, it’s my understanding so far that they’re still done via https under the hood, so they need to have every protection an api endpoint would. My question is more - is that excessive effort, or just good security?

I feel I'm lacking context. What does a "valid request" mean to you?

Imho, when request is not valid - just throw an error. Your API endpoint would need to do this.