this post was submitted on 04 Jun 2024
114 points (96.0% liked)

Technology

59641 readers
2695 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

This article is a great example why you should use your own router instead of ISP provided one

you are viewing a single comment's thread
view the rest of the comments
[–] Wispy2891@lemmy.world 2 points 5 months ago (1 children)

I’m not a programmer but is it normal that the login page contains the whole main JavaScript code of a logged in user?

Also, what’s the point of having this kind of client side api? Because you can never trust the client shouldn’t be everything server side and only return a html page with the data related to your account?

[–] moira@femboys.bar 2 points 5 months ago

It doesn't matter that website loads javascript code for logged in user, as you need a token (which server will give you after a successful login) to authenticate to apis, it is pretty common to do that way

There wasn't a client side API, but the API was missing crucial validation of user input (eg only checking the mac address but didn't check who is actually authenticated)