Angular canActivate Security
I've been thinking a lot lately about the security of the application I'm working on. The client side is built in Angular with a Rails API backend. From what I can gather, the general consensus is that if it's on the client, assume it might be compromised. So it surprises me when and if I should use something like canActivate
for a route, or if I should instead check for authorization every time on the server for route requests. I was thinking about putting an auth request to the server in canActivate
, but I'm guessing there canActivate
is a hack to respond true
without having to respond by the server? If so, something like canActivate
if it's just a glass door?
source to share
No one has answered this question yet
Check out similar questions: