I write all my newsletters using Kit β, my favorite newsletter platform.
Subscribe to the newsletter
Get the latest updates delivered directly to your inbox.
πΏ Stop Putting Auth in Middleware (and a surprise for you)
Hey ,
β |
Middleware got renamed to Proxy in Next.js 16. Same functionality. Better name. What is Proxy? Every request to your app has to go somewhere - a page, an API route, a file. Proxy gets to look at it first and decide what happens: send the user somewhere else, serve different content silently, or just let it through as-is. Think of it as a traffic controller π¦ sitting in front of your routes. So, why you should stop putting auth in Proxy? It feels like the perfect place but it isn't. Developers started throwing auth and session logic into middleware. That's not what it's for. "Middleware" kept getting confused with Express middleware too. That's exactly why it got renamed. So where should you do it? Next to the data access layer i.e. fetching the data or where you need it. Here's how proxy should be, But there is another very important reason too In March 2025, a CVE disclosed that Next.js uses an internal header called That's also why auth should NOT live in Proxy. π‘ Takeaway β Use Proxy for redirects, rewrites, headers, A/B tests β Move auth into Server Components, Route Handlers, or Server Actions |
π Latest Frontend News
LIBRARY UPDATES βAstro 6.0 is out and it basically catching up to Next.js's feature set (native font optimization, route caching, CSP, better SSR) but users have to explicitly choose which ones to enable A React framework built for Cloudflare is now out of beta and full stable β A new CLI tool by βshadcn/cli v4 is out - this is a HUGE update. Previously, changing fonts, colors, icons, or component library meant manually updating multiple files. Now a single TypeScript 6.0 is now available as a release candidate, go try it (with caution) before it officially ships βPrisma ORM 7.5.0 just shipped with Nested transaction rollbacks via save-points, Run raw SQL in Studio and a lot more. β GREAT READ βSlim lets you share your local dev server with a public URL, no tunneling headaches How does a Fast Rust bundler for JS/TS handle chunking and dependency graphs for faster builds and bundles βNext.js installs will soon include version-matched docs, giving agents context on new and recently updated APIs.
AI Claude Code just killed a bunch of startups as it now has built-in code review - it can analyze pull requests, flag issues, and suggest improvements before you merge Ask Side Questions while your main task keeps running in Claude Code?, Remember the hype around Cloudflare's Next.js alternative? Well, there are multiple critical security flawsβ |
π Your Feedback helps shape the newsletter
Make sure to keep sharing your feedback by clicking one of the links below. I'm listening π . βπ Itβs okayβ βπ Not goodβ |
If youβve published a blog post or shipped something, feel free to reply to this email and it comes straight to my inbox. Iβm always looking for great community work to consider featuring. β All past newsletters can be found here. You can email me at me@kulkarniankita.com to advertise/sponsor the newsletter. For those curious, I write all my emails using Convertkit. |
If youβd like to keep learning, you can grab yourself a copy of the course:
β Buy a copy of The Modern Full Stack Next.js Course π
Use code: FLASH40 for 40% off or use the ppp code from the banner on the website, whatever is cheaper.
β
See you next week!