Server-Side Rendering & Security

React Server Components (RSC) shift the paradigm by running components exclusively on the server. While this offers performance benefits, it introduces new security considerations.

The Serialization Boundary

Data passed from Server Components to Client Components must be serializable. This boundary is critical. Sensitive data meant for the server (like API keys or database connection strings) must never accidentally leak into props passed to client components.

// BAD: Leaking secrets
<ClientButton apiKey={process.env.SECRET_API_KEY} />

”Use Server” Directives

Understanding when and where to use the 'use server' directive is crucial for preventing RCE (Remote Code Execution) vulnerabilities when exposing server actions.