Prevent user from entering token manually by browser

Is there a way to prevent a user from manually typing the access_token in the browser?

For example, if I add a key named access_token directly in the browser and type any value, I can enter a "protected" route.

Basically, I do checks whenever the user enters a route. I also use Axios interceptors; if the token is invalid, it throws the user to the login screen and removes the access_token from localStorage. However, if he types something manually, he can, even for a second, view the content within the route, until the server request is made and he is then sent to the login screen.

In a way, I’m treating it this way:

router.beforeEach((to, from, next) => {
    const token = localStorage.getItem('access_token');

    if (token) {
        axios.defaults.headers.common['Authorization'] = `Bearer ${token}`;
    }

    if (auth.getters.isLoggedIn && to.name === 'login') {
        next('/');
    } else {
        if (to.matched.some(record => record.meta.requiresAuth)) {
            if (auth.getters.isLoggedIn) {
                axios.interceptors.response.use(response => response, error => {
                    const status = error.response ? error.response.status : null
                    if (status === 401) {
                        auth.commit('logout')
                        next('/login')
                    }

                    return Promise.reject(error);
                });
                next()
                return
            }
            next('/login')
        } else {
            next()
        }
    }
})
  • "Predict" or "prevent"? "Predict" is impossible, because you don’t know what the user will do before he does it.

  • Yes, haha. I mixed them up!

  • Try placing that next() above the return inside the interceptor, in an if status === 200
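
A route guard that waits for the server's verdict on the token before it lets a protected route render, as an added example that is not part of the original post or its comments. The names `createAuthGuard`, `verifyToken` and `memoryStorage` are hypothetical; `verifyToken(token)` is assumed to call a server endpoint and resolve to `true` only when the server accepts the token.

```javascript
// Constructed stand-in for window.localStorage so the example runs outside a browser.
function memoryStorage(initial = {}) {
  const data = new Map(Object.entries(initial));
  return {
    getItem: key => (data.has(key) ? data.get(key) : null),
    setItem: (key, value) => { data.set(key, String(value)); },
    removeItem: key => { data.delete(key); },
  };
}

// Hypothetical helper: builds a guard with the (to, from, next) signature used above.
function createAuthGuard({ storage, verifyToken }) {
  let verifiedToken = null; // last token the server confirmed during this page load

  return async function authGuard(to, from, next) {
    const needsAuth = to.matched.some(record => record.meta.requiresAuth);
    const token = storage.getItem('access_token');

    // A token that merely exists in storage proves nothing: anyone can type one.
    // Trust it only if it is byte-for-byte the token the server already confirmed.
    let valid = token !== null && token === verifiedToken;

    if (token !== null && !valid && (needsAuth || to.name === 'login')) {
      try {
        valid = (await verifyToken(token)) === true;
      } catch (err) {
        valid = false; // 401 or network failure: fail closed
      }
      if (valid) {
        verifiedToken = token;
      } else {
        verifiedToken = null;
        storage.removeItem('access_token');
      }
    }

    if (valid && to.name === 'login') return next('/');
    if (needsAuth && !valid) return next('/login'); // decided before anything renders
    return next();
  };
}

// Usage (assumption): router.beforeEach(createAuthGuard({ storage: localStorage, verifyToken }));
```

The server still has to reject a bad token on every API request; this guard only removes the brief render of the protected view.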

No answers
