nuxt3 & supabase safety
hey, i use supabase with nuxt3, when i do inserts to supabase should i make this via api? How secure is the javascript in my .vue files. I have following code in my pages/events.vue to create an event
Can this code be modified from client side to maybe change that
user.value.id
? If yes i think this is more safe to do it via api where the user id gets set on server side to prevent users posting as another user if they have the id
maybe i could to it with serverSupabaseClient
https://supabase.nuxtjs.org/usage/services/server-supabase-client
the demo uses also the client side stuff inside the vue files https://github.com/nuxt-modules/supabase/blob/main/demo/pages/tasks.vueGitHub
supabase/tasks.vue at main Β· nuxt-modules/supabase
Supabase module for Nuxt. Contribute to nuxt-modules/supabase development by creating an account on GitHub.
6 Replies
Unknown Userβ’3y ago
Message Not Public
Sign In & Join Server To View
@shanehoban do you do this for all requests?
hey, yeah i guess you have to do it for everything to make the access controlled
for example to prevent inserting with a different user_id - so users can not post stuff in the name (or id) of another user
Unknown Userβ’2y ago
Message Not Public
Sign In & Join Server To View
yee i know
@π¨π Marko Bolliger <cannap> asked
@Scratchy