this post was submitted on 04 Jun 2024
115 points (96.0% liked)
Technology
59434 readers
3002 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I’m not a programmer but is it normal that the login page contains the whole main JavaScript code of a logged in user?
Also, what’s the point of having this kind of client side api? Because you can never trust the client shouldn’t be everything server side and only return a html page with the data related to your account?
It doesn't matter that website loads javascript code for logged in user, as you need a token (which server will give you after a successful login) to authenticate to apis, it is pretty common to do that way
There wasn't a client side API, but the API was missing crucial validation of user input (eg only checking the mac address but didn't check who is actually authenticated)