2

I created asp.net core with react.js template in VS 2019

It seems to use AuthRouter compoent in react.js to authorize the page

As far as i understand react.js is actually running on client-side (Doesn't the web server deploy the built react.js file?)

Doesn't that have a risk?

Doesn't asp.net core need authentication on the server side to deploy react.js files?

Improve this question
1
  • Please keep one question per post. Also it is unclear what is your main question here. Commented Feb 26, 2021 at 10:37

1 Answer 1

Reset to default
2

As far as i understand react.js is actually running on client-side

Correct. React apps are typically build as SPAs (single page applications) where we have a JS app running in the browser and an api app (c#) running on server side.

(Doesn't the web server deploy the built react.js file?)

"Deploy" typically means "bring something to (production) server". So, no your server does not "deploy" the js file but it "serves" or "delivers" the js app. (it brings it from server to your users web browser).

Doesn't that have a risk?

Your JS app schould not contain any sensitive information in it' source code. It should fetch data from your server's api. So no, just delivering the app is no problem.

Doesn't asp.net core need authentication on the server side to deploy react.js files?

It's not the react.js file that needs to be protected (typically) but the data that app reads from or writes to your server api.

You need to check authorization twice for SPAs:

  • Client side (react) - this is only for usability. (You don't want to show your users pages that will result in errors if they try to fetch data from server, right?)
  • Server side - this is for security.
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.