Authorization in Next.js

Authorization in Next.js
10 minutes by Robin Wieruch

In this guide Robin explores implementing authorization in Next.js applications using React Server Components and Server Actions. He emphasizes placing authorization closest to data sources as the primary security mechanism, with multiple layers of defense including API, Service, and Data Access Layers. While authorization can also be implemented in routing, UI elements, and middleware, these should be viewed as supplementary measures rather than primary security controls. Robin provides practical code examples for implementing authorization checks at various application layers.

A Guide to Understanding APIs in the Automotive World
sponsored by CarsXE

New to automotive APIs? This deep dive covers how vehicle data flows, the role of VIN decoding, and how to build React apps powered by CarsXE’s API. Whether you're using Next.js, GraphQL, or REST, this guide will help you design smarter, data-driven applications.

Experimenting with React View Transitions
11 minutes by Maxi Ferreira

In this newsletter issue Maxi focuses on React's new View Transition API, highlighting how it simplifies previously clunky implementations by automatically starting transitions at optimal times, applying view transition names just-in-time, and providing helpful lifecycle classes and callbacks. He also features a podcast episode with Frontend Masters founder Marc Grabanski and includes resources on browser-based databases, CSS functions, and strategies for writing readable code.

How React Works Behind the Scenes
20 minutes by Kaan Peksen

Dive deep into the internal workings of React, detailing how JSX is converted to JavaScript via Babel, resulting in React Elements through React.createElement() function calls. Kaan describes the rendering process, distinguishing between initial rendering and re-rendering, and explains how React optimizes performance using Virtual DOM and Fiber Tree. He also covers the reconciliation process, diffing algorithm, and how React determines when and what to update in the DOM, emphasizing the importance of the key prop for managing component state and identity across renders.

You should know this before choosing Next.js
14 minutes by Eduardo Bouças

In this post Eduardo critiques Next.js's governance by Vercel, highlighting three major concerns: lack of adapter support for deployment portability, absence of official serverless documentation despite promoting its benefits, and existence of Vercel-specific code paths unavailable to other providers. He also criticizes Vercel's handling of a recent critical security vulnerability, where they delayed notifying other providers for eight days. While acknowledging Vercel's right to profit from their open-source creation, the author argues that the company fails to maintain proper boundaries between the framework and their commercial hosting service.

React i18next tips and tricks
12 minutes by Mensur Durakovic

Mensur provides a comprehensive guide to advanced React internationalization using i18next and react-i18next, covering TypeScript integration, namespaces for organizing translations, fallback mechanisms, dynamic keys, context-based translations, pluralization rules, ICU formatting support, and custom formatting functions. He demonstrates practical code examples for handling complex translation scenarios across different languages, ensuring type safety, and validating translation completeness, ultimately helping developers create globally accessible applications with culturally-aware user experiences.

webdev

• The <select> element can now be customized with CSS
• Grid First, Flex Third
• Memory safety for web fonts

javascript

• Next.js bypass authorization CVE
• The hardest bug I ever debugged
• A Tiny Undo Stack

And the most popular article from the last issue was:

• SSR Deep Dive for React Developers