Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. ItĀ collects links to all the places you might be looking at while hunting down a tough bug.

And, if youā€™re still stuck at the end, weā€™re happy to hop on a call to see how we can help out.

How secure is to define database env variable with prefix `NEXT_PUBLIC_`?

See original GitHub issue

Exposing sensitive values to the browser is not a good idea. I believe database value is only used on API routes. In that case, those are purely backend serverless functions. We donā€™t need to provide a NEXT_PUBLIC_ prefix if it is just used directly from the backend.

You can check more details here. https://nextjs.org/docs/basic-features/environment-variables

Issue Analytics

  • State:closed
  • Created 3 years ago
  • Comments:5 (3 by maintainers)

github_iconTop GitHub Comments

1reaction
ghoshnirmalyacommented, Oct 4, 2020

@ghoshnirmalya šŸ‘ the API folder inside the pages folder is special in the next Js context. it will be server-side only. You can check the details here man. https://nextjs.org/docs/api-routes/introduction

From the docs,

Any file inside the folder pages/api is mapped to /api/* and will be treated as an API endpoint instead of a page. They are server-side only bundles and wonā€™t increase your client-side bundle size.

@Param-Harrison Thank you. Can you please create a PR for that?

1reaction
ghoshnirmalyacommented, Sep 30, 2020

NEXT_PUBLIC_DATABASE_URL is used in the nextauth.ts file. Itā€™s used only on API routes. Iā€™ll check whether NextAuth will work if we donā€™t provide the credentials on the client side.

Read more comments on GitHub >

github_iconTop Results From Across the Web

Is sensitive data in NextJS .env file safe if it ... - Stack Overflow
Yes, NEXT_PUBLIC prefix allows NextJS to send the variable to the client's browser. From the docs: The value will be inlined into JavaScriptĀ ......
Read more >
Basic Features: Environment Variables - Next.js
Learn to add and access environment variables in your Next.js application. ... Node.js environment automatically allowing you to use them in Next.js data...
Read more >
How to setup custom environment variables other than ...
Hi, I would like to know how can I create a custom environment variable lets say staging and specify it during build time...
Read more >
Environment variables in Next.js and Netlify
env.local you have to prefix the variable with NEXT_PUBLIC_ . // .env.local. SITE_URL=localhost
Read more >
Environment Variables in Next.js - Frontend Digest
I didn't know how to set up variables for development andā€¦ ... will load environment variables from a file called .env.local at the...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

Remove unnecessary console logs

Next page

Postgres connection problems after fresh repository cloned