Getting error "UnrecognizedActionError: Server Action "604...7b3" was not found on the server" between deployments

[drewwilliams1982]

Summary

Background:

Have a nextjs v16 app. GitHub Actions + Dockerfile build process. Currently, just a single server deployment. Self hosted.

Summary:

Our landing page is our sign-in page, which uses a server action to process the login request. If the sign-in page is loaded and a deployment happens prior to th user attempting a login, when the user attempts to login they hit the UnrecognizedActionError error. The user needs to hard reload to login correctly.

I've looked through similar issues, which have been closed because of a 2-week inactivity, but I can't find a solution.

The most promising answer seems to lie in manually setting NEXT_SERVER_ACTIONS_ENCRYPTION_KEY env var. Following this advice #75541 (comment) just causing the whole app to fail with this error:
⨯ unhandledRejection: [Error: An error occurred in the Server Components render. The specific message is omitted in production builds to avoid leaking sensitive details. A digest property is included on this error instance which may provide additional details about the nature of the error.]

As I understand it, setting that env var should cause all server action IDs to become static, assuming the function itself doesn't change, though I can't find any real documentation to corroborate that. I've also noted there's some confusion on the issues about when to put this env var. I've found it breaks everything when I put it in at run time, so I suspect thats correct.

Can anyone confirm that setting this env var has solved the issue for them and how they went about generating a value for it please?

Additional information

No response

Example

No response

[icyJoseph]

Hi yeah this should be handled by skew protection. A little info from where the problem was first confronted: https://blog.subvertallmedia.com/2023/10/30/react-server-actions-versioning-filenames-and-other-considerations

So yeah, the function is hashed and mixed with a key to protect it from abuse.

• https://nextjs.org/docs/app/guides/data-security#overwriting-encryption-keys-advanced
• https://nextjs.org/docs/app/guides/data-security#built-in-server-actions-security-features

I have a work item on updating our docs to be more clear about this though.

• https://nextjs.org/docs/app/guides/self-hosting#version-skew

The env variable can indeed be used to stabilize server action IDs across builds.

This is a quote I got as input to work in the docs improvement.

[drewwilliams1982]

Thanks for getting back to me and confirming it should work. I was able to eventually get it working.

When you come to work on the docs, the thing that was key for me was finding the code that generates the key in the first place: https://github.com/vercel/next.js/blob/faf1371e5771751a27a7cb77e226c1e42e0d46ef/packages/next/src/server/app-render/encryption-utils-server.ts
Sign posting this may help save someone else a lot of time.

Thanks again!!

[icyJoseph]

Please don't forget to mark as answered, to guide others while the docs are updated.