Server Actions in Next.js 15 allow you to write server-side functions that can be called directly from client components and HTML forms, enabling progressive enhancement and type-safe mutations without a separate API layer.
0 / 5 completed
1 / 5
What directive must appear at the top of a file (or function) to mark it as a Server Action in Next.js 15?
'use server' is the directive that designates a module or individual async function as a Server Action. When placed at the top of a file, all exported async functions in that file become server functions callable from client components without an explicit API route.
2 / 5
How do Server Actions integrate with HTML <form> elements in Next.js 15?
Form actions in Next.js 15 accept a Server Action directly in the action prop: <form action={createItem}>. The form works with progressive enhancement — it submits via a standard POST even when JavaScript is disabled, and enhances to a client-side transition when JS is available.
3 / 5
What React hook is typically used to implement optimistic updates alongside Server Actions?
useOptimistic lets you immediately display a predicted UI state while a Server Action is in-flight. You call addOptimistic(newValue) before await serverAction(), and the optimistic value is shown until the server responds, at which point React reverts to the real data.
4 / 5
In Next.js 15, what does useActionState return?
useActionState (previously useFormState) returns [state, action, isPending]. The state accumulates the return value of the Server Action across calls, action is the wrapped function to pass to the form, and isPending signals whether a submission is in flight.
5 / 5
What security mechanism does Next.js apply to Server Actions to prevent cross-site request forgery?
Next.js Server Actions include built-in protection: they validate that requests originate from the same origin and use non-enumerable action IDs. Additionally, the Next.js docs recommend that developers always check session authentication inside each action because the action ID alone is not a sufficient authorisation gate.