Comments (5)
If I got you right this isn't a client but a server issue. Content security should never be handled on the client, because an attacker could easily bypass that.
=> you should change your server to reply with a 401 error instead of serving the static content, hence causing angular to react to the 401 immediately
from angular-http-auth.
By static contents, i mean the ones present at client side. Example: Labels etc.
So this isnt a server side issue..
from angular-http-auth.
@CatchSandeepVaid resolve your data needs already at routes to prevent Controller loading before you've got the data: https://github.com/johnpapa/angular-styleguide#route-resolve-promises
And possibly implement user rights separately from backend for the client, but don't rely on it for security, as @Aides359 already said.
from angular-http-auth.
My solution to this issue was to create a custom directive which hides everything behind some "please wait" spinner. This directive was also listening for events with some name, like:
<div hide-until-ready="customer-data">
.... the entire form
</div>
Now, inside the CustomerDataCtrl
, when everything is fetched from server and all possible other promises are finally resolved, I publish the "customer-data" event and the spinner disappears showing everything including data loaded from server.
Simple and worked very well. Also there was no need to tinker with routes. It worked everywhere on the page, not only at route changes.
from angular-http-auth.
.config(['$httpProvider', function ($httpProvider) { $httpProvider.interceptors.push(['$rootScope', '$q', 'httpBuffer', function ($rootScope, $q, httpBuffer) { return { responseError: function (rejection) { var config = rejection.config || {}; if (!config.ignoreAuthModule) { switch (rejection.status) { case 401: var deferred = $q.defer(); var bufferLength = httpBuffer.append(config, deferred); if (bufferLength) $rootScope.$broadcast('event:auth-loginRequired', rejection); return deferred.promise; case 403: $rootScope.$broadcast('event:auth-forbidden', rejection); break; } } // otherwise, default behaviour return $q.reject(rejection); } }; }]); }]);
change in line #62 http-auth-interceptor.js
from
if (bufferLength === 1)
to
if (bufferLength)
so ever response with 401, modal login can opem
from angular-http-auth.
Related Issues (20)
- Breaks angular-loading-bar HOT 7
- doesn't seem to use the config for the next requests HOT 4
- bower install warning HOT 7
- There is no minified version on bower/npm HOT 5
- Issue using ng-file-upload and http-auth-interceptor HOT 14
- resume loading screen HOT 3
- login address returns 404 after 401 intercept HOT 2
- Error when config doesn't exist HOT 1
- Add Trip distance
- How angular-http-auth-buffer works ? HOT 2
- npm version stuck on 1.2.1 HOT 2
- Prevent double event HOT 1
- Basic authentication results in 404 HOT 4
- no 'event:auth-loginRequired' since 1.3.0 HOT 6
- Scenario with refresh token (e.g. authService.ignoreCurrentRequest()) HOT 3
- Add Better loginCancelled documentation to avoid confusion HOT 1
- Please add license = "MIT" to bower.son HOT 2
- Even't function won't fire HOT 6
- Interceptor automatically captures all 401s and prevents other interceptors from having an opportunity to examine them
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from angular-http-auth.