Is it safe to get all data based on a route query parameter?
I have a dynamic route which renders a single Project-page. The page itself is being rendered based on the id of the route-query. Like this:
Inside this page I am also fetching (and mutate) all the categories that belongs to this project. I am doing this by looking at what projectId the route-query has. Like this:
I feel like this is kinda unsafe though. Wouldn't another user just be able to enter this projectId into their browser, and be able to see all the categories? Should I also check that the author is the current signed in user?
I am also seeing an error that projectId is undefined at first render, but the categories is being fetched anyway.
Inside this page I am also fetching (and mutate) all the categories that belongs to this project. I am doing this by looking at what projectId the route-query has. Like this:
I feel like this is kinda unsafe though. Wouldn't another user just be able to enter this projectId into their browser, and be able to see all the categories? Should I also check that the author is the current signed in user?
I am also seeing an error that projectId is undefined at first render, but the categories is being fetched anyway.
Was this page helpful?
