Are server function URLs exposed publicly?
I conduct auth checks in my beforeLoad route function and I have a serverFn named getData that I only ever call in the loader function.
Do I need to check user auth in the getData function as well? I.e. is it possible for an attacker to find and use the server function endpoint without the route context?
2 Replies
flat-fuchsia•4mo ago
Yes you should have an auth middleware attached to serverFns that access protected data.
rival-blackOP•4mo ago
Cool, thanks!
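The reply's point, as an added example that is not part of the original thread: a framework-free TypeScript model (not TanStack Start's API) of why a `beforeLoad` check does not protect a server function that has its own endpoint. All names and the `/fn/...` paths are hypothetical, and the sessions are constructed sample input.

```typescript
// Model only: FnRequest, endpoints, withAuth, navigate and callEndpoint are
// hypothetical names, not TanStack Start identifiers.
type FnRequest = { session: { userId: string } | null };
type FnResult = { status: number; body: string };
type FnHandler = (req: FnRequest) => FnResult;

// A server function is registered under its own endpoint, independent of any route.
const endpoints = new Map<string, FnHandler>();

// Unprotected handler: it silently assumes the route guard already ran.
const getData: FnHandler = () => ({ status: 200, body: "protected rows" });

// Auth middleware: runs on the server on every call to the wrapped function,
// no matter how the request arrived.
function withAuth(handler: FnHandler): FnHandler {
  return (req) =>
    req.session ? handler(req) : { status: 401, body: "unauthenticated" };
}

endpoints.set("/fn/getData", getData);
endpoints.set("/fn/getDataGuarded", withAuth(getData));

// Direct HTTP request to the function endpoint: no route is involved,
// so no beforeLoad runs.
function callEndpoint(req: FnRequest, fnPath: string): FnResult {
  const handler = endpoints.get(fnPath);
  return handler ? handler(req) : { status: 404, body: "not found" };
}

// Page navigation: the beforeLoad check runs first, then the loader
// calls the server function.
function navigate(req: FnRequest, fnPath: string): FnResult {
  if (!req.session) return { status: 302, body: "redirect to /login" };
  return callEndpoint(req, fnPath);
}

const anonymous: FnRequest = { session: null };           // constructed
const user: FnRequest = { session: { userId: "u1" } };    // constructed

console.log(navigate(anonymous, "/fn/getData").status);            // route guard applies
console.log(callEndpoint(anonymous, "/fn/getData").status);        // guard never ran
console.log(callEndpoint(anonymous, "/fn/getDataGuarded").status); // middleware applies
console.log(callEndpoint(user, "/fn/getDataGuarded").body);
```

The route guard decides what the page shows; the check inside the server function decides who can read the data.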