Is there a way to prevent a user from manually typing the access_token in the browser?
For example, if I put a key with the name access_token directly in the browser, and type any value, I can enter a "protected" route.
Basically, I do checks whenever the user enters a route. I also use Axios interceptors: if the token is invalid, it sends the user to the login screen and removes the access_token from localStorage. However, if he types something manually, he can, even for a second, view the content from within the route, until the server request is made and he is then sent to the login screen.
In a way, I'm handling it this way:
router.beforeEach((to, from, next) => {
  // Attach whatever is stored under access_token to every Axios request.
  const token = localStorage.getItem('access_token');
  if (token) {
    axios.defaults.headers.common['Authorization'] = `Bearer ${token}`;
  }
  if (auth.getters.isLoggedIn && to.name === 'login') {
    // Already logged in: keep the user away from the login page.
    next('/');
  } else {
    if (to.matched.some(record => record.meta.requiresAuth)) {
      if (auth.getters.isLoggedIn) {
        // On a 401 from any later request, log out and go to the login page.
        axios.interceptors.response.use(response => response, error => {
          const status = error.response ? error.response.status : null;
          if (status === 401) {
            auth.commit('logout');
            next('/login');
          }
          return Promise.reject(error);
        });
        // The route is rendered here, before the server has seen the token.
        next();
        return;
      }
      next('/login');
    } else {
      next();
    }
  }
});
"Predict" or "prevent"? "Predict" is impossible, because you don’t know what the user will do before he does it.
– Sam
Yes, haha. I mixed them up!
– SkullFire
Try placing that next above the return inside the interceptor, in an if status === 200
– Guto
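An added example, not code from the question or its comments: a guard in the same `(to, from, next)` style that holds navigation to a `requiresAuth` route until the server has confirmed the stored token, so a hand-typed access_token never renders the route. `createAuthGuard`, `verifyToken`, `makeStorage` and `navigate` are hypothetical names; in an application `verifyToken` would wrap an authenticated request to an endpoint of your own API.

```javascript
// Added example; createAuthGuard and verifyToken are hypothetical names.
function createAuthGuard({ storage, verifyToken }) {
  // Last token the server accepted. Kept in memory only, so a value typed
  // into localStorage by hand never matches it without a server round trip.
  let verifiedToken = null;

  return function guard(to, from, next) {
    const requiresAuth = to.matched.some(record => record.meta.requiresAuth);
    if (!requiresAuth) return next();

    const token = storage.getItem('access_token');
    if (!token) return next('/login');

    // Already confirmed by the server during this page session.
    if (token === verifiedToken) return next();

    // Unknown token: hold the navigation until the server answers.
    verifyToken(token, valid => {
      if (valid) {
        verifiedToken = token;
        next();
      } else {
        verifiedToken = null;
        storage.removeItem('access_token');
        next('/login');
      }
    });
  };
}

// Constructed stand-in for localStorage so the example runs outside a browser.
function makeStorage(initial) {
  const data = { ...initial };
  return {
    getItem: key => (key in data ? data[key] : null),
    setItem: (key, value) => { data[key] = String(value); },
    removeItem: key => { delete data[key]; },
  };
}

// Runs one navigation through the guard and returns the path it resolved to.
function navigate(guard, to) {
  let result;
  guard(to, {}, target => { result = target === undefined ? to.path : target; });
  return result;
}
```

The in-memory match only skips repeat checks for a token the server has already accepted; a token that expires later is still caught by a 401 handler like the one in the question. The data behind a protected route must come from API calls the server authorizes, because the guard itself runs in the user's browser.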