if you are worry about security check this out. React(JSX) default is preventing from XSS attack. unless you inject it DOM directly or do something like this ; dev.to/spukas/preventing-xss-in-react-applications-5f5j
You simply stated everything need to accomplish the goal and you very articualtely explained every espect of it . It shows you have complete command and knolwedge of the topic! Great job. HOWEVER there is a security flaw. THat Cookie can be changed by user to logintrue to get FULL app access !
This has security concerns. I would not use a site that had authentication implemented this way. Please create part 2 of the video so people do not overlook this. For people wanting an easier and more secure method for user authorization, use firebase authentication. Both client and admin sdk.
I agreed with you, until you marketed firebase. A good (an even great) security can be achieved coding manually, without using something like firebase.
Super helpful tutorial HOWEVER this uses react--router-dom@5.2.0 and will not work with version 6.0 since the Switch has been changed to Router. I struggled to make it work and then decided to run npm uninstall react-router-dom followed by npm install reacte-router-dom@5.2.0 and then it worked great. This issue is noticeable at the 5:50minute mark.
Thanks for the video, but in this I'm the auth state wont be global (meaning being able to use the state in other component without passing down props)?
You got bug ? After login, if you refresh dashboard, it will change url from "/dashboard" to "/login" then redirect to "/dashboard". It happend very quick
Thanks. You explaim very good. "Simple" and good. I have another question. What does the "star" in this export means? export function* handleGetIdentityRequest()
need some changes acc router-dom v6, many things such as switch and Route way to handling components nd attributes are changed, otherwise a great summarization for secure authentication!
@Jakub Olejnik once the presence of the token redirects you inside the app, you should still have a loader hiding the page and in the background an API call should immediately be done to verify the token and its respective user. if it is not valid , then clear the token and redirect to the login page
So i added another ProtectedRoute for let's say about page. when i write in the url /About it redirect me to dashboard if i'm login not about can u help me
I think you should make the navigation to the about page rather than go to that page directly by typing in the URL. The reason when we typed in the URL and redirect to the dashboard because when you do that the page is refreshing and it will check that you are authentication or not if yes it's always redirecting to the page that we serve which is Dashboard page. Try: above add About Hope that's working :)
if you are worry about security check this out. React(JSX) default is preventing from XSS attack. unless you inject it DOM directly or do something like this ; dev.to/spukas/preventing-xss-in-react-applications-5f5j
You should still be able to use the same method to get the cookie. You can check if the cookie has indeed been sent by the server via your browser settings.
Everything cool, but man just stop trying to type so fast and then fast repairing the mistakes, because it is so annoying when u type something wrong and u repair 1 word 3 times :D
