top | item 42863531

(no title)

Vite does statically replace the `browser` variable with `true` or `false` based on whether you're on the client or server, but this shouldn't affect the correctness of your code. It does allow Vite to remove any unused code, however. E.g. `if (browser)` turns into `if (false)` on the server and any code within that block can be removed. This can avoid shipping unused code to the client.

Astro is also built in top of Vite and the same thing happens there. If you reference `import.meta.env.SSR` it is statically replaced during build and unused code is tree-shaken out: https://vite.dev/guide/env-and-mode#env-variables

discuss

sureglymop|1 year ago

Thank you for the explanation, that cleared it up a lot for me. In astro I didn't yet use SSR, I will try this out as well.

I do still believe that it may be good to point this out in the docs more thoroughly. In general though, couldn't there be some situations where using a universal load function like this may increase the chance for some security critical logic bugs?

benmccann|1 year ago

You should only access credentials in `.server` files. We have a built-in feature that checks that you only access credentials in `.server` files to try to prevent newcomers from accidentally making any mistake in that regard.