In a Single Page Application, certain client-side middleware security checks can be bypassed by disabling JavaScript on the page. However, doing so may result in no content being displayed at all, because the page relies on dynamic generation rather than static files.
If your application is isomorphic and includes server-side rendering (ssr: true), the authentication module will still prevent unauthorized access to protected pages.
The crucial information is only accessible when:
- You have a valid JWT token obtained after logging in
- You send an HTTP request to the backend
- The backend verifies the token's validity and responds accordingly
- The sensitive information is provided through an HTTP response from the backend

Note that client-side code does not need to be highly secure. Even if someone manages to manipulate the client-side state and reach sensitive pages, they will still not have a valid JWT token, because verification occurs on the backend. A token can only be generated by submitting proper credentials to the backend for validation.
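
The flow in the list above, as an added example (not code from the original page or from any auth module): a backend-side HS256 check written with only Node's built-in crypto. The secret, the `handleProfileRequest` handler and all sample values are constructed assumptions.

```javascript
// Added example: the backend, not the client, decides who sees sensitive data.
const nodeCrypto = require('node:crypto');

const SECRET = 'constructed-demo-secret'; // assumption: known only to the backend

const b64url = (text) => Buffer.from(text).toString('base64url');

// Issued by the backend only after the submitted credentials were validated.
function signToken(payload, secret = SECRET) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(payload));
  const sig = nodeCrypto.createHmac('sha256', secret)
    .update(`${head}.${body}`).digest('base64url');
  return `${head}.${body}.${sig}`;
}

// Returns the claims if the token is authentic and unexpired, otherwise null.
function verifyToken(token, secret = SECRET, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token || '').split('.');
  if (parts.length !== 3) return null;
  const [head, body, sig] = parts;
  try {
    // Pin the algorithm; never let the token header choose it (rejects "none").
    if (JSON.parse(Buffer.from(head, 'base64url')).alg !== 'HS256') return null;
    const expected = nodeCrypto.createHmac('sha256', secret)
      .update(`${head}.${body}`).digest();
    const given = Buffer.from(sig, 'base64url');
    // Length check first: timingSafeEqual throws on unequal lengths.
    if (given.length !== expected.length) return null;
    if (!nodeCrypto.timingSafeEqual(given, expected)) return null;
    const claims = JSON.parse(Buffer.from(body, 'base64url'));
    if (typeof claims.exp !== 'number' || claims.exp <= now) return null;
    return claims;
  } catch {
    return null; // malformed base64url or JSON
  }
}

// Hypothetical handler for a protected API route: the sensitive value leaves
// the server only in the response to a request carrying a verified token.
function handleProfileRequest(headers) {
  const match = /^Bearer (.+)$/.exec(headers.authorization || '');
  const claims = match && verifyToken(match[1]);
  if (!claims) return { status: 401, body: { error: 'unauthorized' } };
  return { status: 200, body: { user: claims.sub, data: 'constructed sensitive value' } };
}
```

A request without a token, with a token signed by any other key, or with an edited payload gets a 401 regardless of what state the client-side router believes it is in.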