Vercel's "attitude" on self-hosted environments with respect to Server Actions #78299
Replies: 1 comment 1 reply
-
|
As i understand, this issue is related to Version Skew ? |
Beta Was this translation helpful? Give feedback.
-
|
Thanks for the reply @revskill10. It certainly appears to be that topic (Version Skew) The link you sent is - from what I understood - Vercel's explanation of what they do to ensure this sort of issues don't happen. We have NextJS 15 by the way. My point is that exactly: that the NextJS framework cannot be - securely - deployed outside of Vercel (in AWS for example). Which is a legitimate product Again, if I'm wrong somehow and this can be done "easily" upon deployment, I'll gladly admit it =) |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
(your AI prompted me to submit this here)
Context
I have a production product done on Next JS 15 App router. We have clients and real people using it. However, because we are profficient in AWS we decided to host the entire application ourselves in AWS (Elastic Beanstalk, etc.).
I followed your design patterns and started using server actions instead of API endpoints. You claim they are more secure through the re-hashing of the endpoints (which makes sense).
Problem
HOWEVER (and this is where we almost killed ourselves) doing that has a very deep infrastructure problem. When deploying new changes to the application, all hashes are re-calculated (for "security"). So we started to have data integrity issues: users that had already loaded a page that hit the "submit button" and got a 500 error. Or worse even: they submitted, the application let them pass BUT THE DATA NEVER GOT STORED.
Debugging
You can imagine our frustration in catching this bug. We eventually bumped into a real time user having this issue, checked the server logs and finally caught the AWS server throwing an error that "45abc123-f...." has not been found. That is: since now the server action has been rehashed and the client had loaded the page BEFORE the deployment, everything died when he then clicked "Submit" (the front-end can't find the server action).
This must happen too in Vercel, right?
So we started digging into this and since Vercel is NextJS etc. etc. we thought "this means Vercel has the problem as well!!!!". To our surprise: YOU HAVE THAT SOLVED IN YOUR OWN INFRASTRUCTURE. We did thorough checks by making a very simple form and saw that between deploys the server action DOES NOT CHANGE HASHES, so the user experience is unaffected by that.
Final thoughts
Great, right? Not exactly: now we feel "hostages" of Vercel. This is like saying: you can use NextJS BUT ONLY if you host with us. This is valid if you say that upfront, but you are hurting your users by leaving this issue unresolved for non-Vercel deploying people.
We actually had to migrate back to API routes and discard server actions entirely. If we had known this from the beginning, we would have done BFF architecture with Python (Flask) back-end, which we already knew quite well how to use. In other words: we chose NextJS BECAUSE of the server actions potential, but now feel completely scammed.
Please answer with some sort of explanation to this. If I'm completely mistaken, I'll gladly admit it. Glad to jump on calls and explain better even.
Beta Was this translation helpful? Give feedback.
All reactions