Share zod schema with client and server
For a form I validate the input on the server for the correct query.
For the frontend I want to reuse the same zod schema to validate the user input.
I have not found any documentation about whether or not it's a security concern or if it is even possible.
Does anyone have experience with this?
6 Replies
I can’t foresee any concerns with sharing a validation schema with both client and server. What sort of security concerns do you have exactly?
Maybe my mental model is not accurate, so please correct me if I'm wrong:
When JS imports a module, it loads the entire file. So, for example, if I have a schema in a server API route and import that schema to the frontend in a composable, the user could access the code for the API handler.
Obviously, there shouldn't be anything sensitive in the handler itself, but the user could get a look into the handler and maybe exploit it somehow.
Move the schemas into a shared folder, e.g. "types" or "schemas", in the root folder of the project, and you can use them both on client and server from that shared location without any problems 🙂
This should work
I read somewhere that only files in the server directory will be included, but I haven't had the time to check yet.
What @tobi mentioned is what I do; it seems to make the most sense to me.
Yes, I am doing it this way now. Thank you guys very much :)
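Added example, not part of the thread or of any project's code: a small dependency-free check for the concern raised above, flagging client-side files that import from a server route file instead of from the shared folder. The file names, the `server/` and `shared/schemas/` layout, and the treatment of `~/`, `@/`, `~~/` and `@@/` as project-root aliases are assumptions made for the example.

```javascript
// Constructed sample project (path -> source text); all names are hypothetical.
const sampleFiles = {
  "server/api/contact.post.js": "import { contactSchema } from '../../shared/schemas/contact'",
  "shared/schemas/contact.js": "import { z } from 'zod'",
  "composables/useContactForm.js": "import { contactSchema } from '~/shared/schemas/contact'",
  "composables/useLegacyForm.js": "import { contactSchema } from '../server/api/contact.post'",
  "pages/lazy.vue": "<script setup>\nconst db = await import('@/server/utils/db')\n</script>",
  "pages/typed.ts": "import type { Contact } from '~/server/api/contact.post'",
};

// Collect module specifiers from static, re-export, side-effect, dynamic and require() forms.
function importSpecifiers(source) {
  const fromRe = /\b(?:import|export)\s+(type\s+(?!from\b))?[^'"]*?\bfrom\s*['"]([^'"]+)['"]/g;
  const callRe = /\b(?:import|require)\s*\(?\s*['"]([^'"]+)['"]/g;
  const found = [];
  for (const m of source.matchAll(fromRe)) found.push({ spec: m[2], typeOnly: Boolean(m[1]) });
  for (const m of source.matchAll(callRe)) found.push({ spec: m[1], typeOnly: false });
  return found;
}

// Resolve a specifier to a project-relative path; bare package names return null.
// Assumption: the aliases ~/, @/, ~~/ and @@/ all point at the project root.
function resolveSpecifier(fromFile, spec) {
  let parts;
  if (/^(~~|@@|~|@)\//.test(spec)) parts = spec.replace(/^(~~|@@|~|@)\//, "").split("/");
  else if (spec.startsWith(".")) parts = fromFile.split("/").slice(0, -1).concat(spec.split("/"));
  else return null;
  const out = [];
  for (const p of parts) {
    if (p === "..") out.pop();
    else if (p !== "." && p !== "") out.push(p);
  }
  return out.join("/");
}

// Report every non-server file that pulls a module from the server directory.
// Type-only imports are skipped because TypeScript erases them before bundling.
function findServerImports(files, serverDir = "server") {
  const findings = [];
  for (const [file, source] of Object.entries(files)) {
    if (file.startsWith(serverDir + "/")) continue; // server-to-server imports are fine
    for (const { spec, typeOnly } of importSpecifiers(source)) {
      const target = resolveSpecifier(file, spec);
      if (typeOnly || target === null) continue;
      if (target === serverDir || target.startsWith(serverDir + "/")) findings.push({ file, spec, target });
    }
  }
  return findings;
}

console.log(findServerImports(sampleFiles));
```

On the sample input it reports `composables/useLegacyForm.js` and `pages/lazy.vue`, while the composable that imports from the shared schema folder and the type-only import pass.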