Update Section 15.1. An Important Note on Security (#86)
* Update Section 15.1. An Important Note on Security

The existing language, "You should never return something sensitive from
a server function," suggests it is impossible to make a server
function secure. This commit indicates two necessary steps for making a server
function secure.

* Update to reflect suggested wording from benwis; fix typo

---------

Co-authored-by: Aaron Schweiger <Aaron Schweiger>
aschweig authored Apr 2, 2024
1 parent 20d7685 commit 1a92be0
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion src/server/25_server_functions.md
Expand Up @@ -133,7 +133,7 @@ will generate a server function endpoint at `/api/hello` that accepts a POST req
## An Important Note on Security

Server functions are a cool technology, but it’s very important to remember. **Server functions are not magic; they’re syntax sugar for defining a public API.** The _body_ of a server function is never made public; it’s just part of your server binary. But the server function is a publicly accessible API endpoint, and it’s return value is just a JSON or similar blob. You should _never_ return something sensitive from a server function.
Server functions are a cool technology, but it’s very important to remember. **Server functions are not magic; they’re syntax sugar for defining a public API.** The _body_ of a server function is never made public; it’s just part of your server binary. But the server function is a publicly accessible API endpoint, and its return value is just a JSON or similar blob. Do not return information from a server function unless it is public, or you've implemented proper security procedures. These procedures might include authenticating incoming requests, ensuring proper encryption, rate limiting access, and more.

## Integrating Server Functions with Leptos

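Review bot: the added line makes returning non-public data acceptable once "proper security procedures" are in place and lists "authenticating incoming requests, ensuring proper encryption, rate limiting access", but none of those is the control that decides whether a given caller may see the value being returned; that is an authorization check inside the function body (confirm the authenticated identity is permitted to access that particular data before returning it), which the sentence should name explicitly, and "ensuring proper encryption" is ambiguous here because transport encryption does not restrict who can call a public endpoint. Suggested wording: "These procedures might include authenticating the request, checking that the caller is authorized to see that data, rate limiting access, and more." Minor: the opening sentence still ends with "it's very important to remember." with nothing to remember, a fragment carried over unchanged from the removed line; "remember this:" or "remember that" would fix it.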

0 comments on commit 1a92be0