This is Part 2 of key frontend interview questions.

These topics cover SSR/CSR, security (XSS, CSRF, HTTPS), Next.js serverless architecture, SEO, and error boundaries.

Question 1. How does Next.js enable SSR?

• Next.js runs on top of Node.js, with a built-in HTTP server.
• When a request arrives:
  1. Next.js executes the React component matching the route.
  2. The component is rendered to an HTML string.
  3. That HTML is sent back to the browser.
• Browser immediately displays pre-rendered HTML → SSR works without extra setup.

API Routes

• /pages/api/* or app/api/* become serverless API endpoints.

export default function handler(req, res) {
  res.status(200).json({ message: "Hello Next.js API!" });
}

• Enables a lightweight API server in Next.js.

Serverless Functions

• Run only when requested, then shut down automatically.
• Pros: no idle resources.
• Cons: short-lived, DB connections cannot persist.

Serverless-Friendly Databases

• MongoDB Atlas → cloud-managed, pools connections.
• AWS DynamoDB → fully serverless NoSQL DB.

Question 2. What is CSR vs SSR, and what’s the difference?