DEV Community

Discussion on: Protecting static pages in Next.js application

Ivan V.

Since pages are static, they are always downloaded. There is no way around this except to have server-rendered pages where you check if the user is authenticated server-side, and respond accordingly.
You should not have your static pages contain any hardcoded data that is security-sensitive; rather, you should load all sensitive data when the user is authenticated (by sending fetch requests to load sensitive data).
A great example of this is the Vercel dashboard.

Prajwal Kulkarni

The static pages are used for a dynamic route, meaning there could be multiple entries that would reach this page. Next.js is forcing me to use SSG using getStaticProps and getStaticPaths, and hence I'm not able to do much after the component mounts. Regarding the data in the page, it's the data that belongs to the user, so it's pretty sensitive. Given the scenario, is a server-side authentication check the only workaround?

Ivan V.

How are you getting the data for the user? There are no request/response objects in getStaticPaths.

Prajwal Kulkarni

Currently in the development phase, so as of now I'm just testing with dummy static data within GSP, but when the database and the backend are ready, I'm planning to replace the dummy data with a fetch pointing to an API endpoint.
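The approach recommended at the top of this thread, as an added example that is not part of any participant's post: the static props carry only a non-sensitive shell, and the user's data comes from an API route that checks the session on every request. The session store, the order data, the `session` cookie name, the route paths and `mockRes` are assumptions made for illustration; in a real Next.js project `getStaticProps` and the handler would be exported from their page files.

```javascript
// Added example, not code from the thread. SESSIONS, ORDERS and the
// "session" cookie name are constructed stand-ins for a real session
// store and database.
const SESSIONS = new Map([["tok-alice", "alice"]]); // token -> user id
const ORDERS = { alice: ["order-1001"], bob: ["order-2002"] };

// pages/account/[user].js (hypothetical path). Whatever this returns is
// written into the build output (HTML and JSON) that anyone can download,
// so it carries only the non-sensitive page shell.
async function getStaticProps({ params }) {
  return { props: { user: params.user, title: "Your orders" } };
}

// Minimal Cookie header parser for the handler below.
function parseCookies(header = "") {
  const out = {};
  for (const part of header.split(";")) {
    const i = part.indexOf("=");
    if (i > 0) out[part.slice(0, i).trim()] = part.slice(i + 1).trim();
  }
  return out;
}

// pages/api/orders/[user].js (hypothetical path). API routes run per
// request on the server, so req/res exist and the handler can
// authenticate (valid session) and authorize (session owns the route).
function ordersHandler(req, res) {
  const token = parseCookies(req.headers.cookie).session;
  const sessionUser = token ? SESSIONS.get(token) : undefined;
  if (!sessionUser) return res.status(401).json({ error: "not signed in" });
  if (sessionUser !== req.query.user)
    return res.status(403).json({ error: "forbidden" });
  res.setHeader("Cache-Control", "private, no-store"); // keep out of shared caches
  return res.status(200).json({ orders: ORDERS[sessionUser] });
}

// Stand-in for the response object so the handler runs outside Next.js.
function mockRes() {
  const res = { statusCode: 200, headers: {}, body: undefined };
  res.status = (code) => { res.statusCode = code; return res; };
  res.setHeader = (k, v) => { res.headers[k] = v; };
  res.json = (body) => { res.body = body; return res; };
  return res;
}
```

The page component would call this route with `fetch` after it mounts and render the result, so the statically generated files never contain another user's data.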