On the initial render, it appears that server-side environment variables are accessible because Next.js performs Server-Side Rendering (SSR) for the first render. Is this not a security concern?
First render:
my page is using "use client"
"use client";
import { env } from "next-runtime-env";
export default function Home() {
return <pre>{JSON.stringify(env("HOME"), null, 2)}</pre>;
}
Second render:
Repo to reproduce it:https://github.com/dpnunez/runtime-env
On the initial render, it appears that server-side environment variables are accessible because Next.js performs Server-Side Rendering (SSR) for the first render. Is this not a security concern?
First render:
Second render:
Repo to reproduce it:https://github.com/dpnunez/runtime-env