What methods can I use to ensure that a user's credentials are not shown in the URL?

My NextJS application sometimes behaves unexpectedly.

Whenever I have a slow connection and the initial load time of the site is longer than usual, after trying to log in to the application, the credentials I entered are displayed in the URL. This happens even though I have included event.preventDefault() in the submit function and I am not using GET method.

I attempted to enhance the app's performance and reduce the loading time of the pages initially, but if a user intentionally slows down the loading time, it can become exploitable.

All I want is to prevent the credentials from being exposed in the URL. It could potentially be replaced with any other type of error.

Below is the code snippet:

  async function handleLogin(event: FormEvent<HTMLFormElement>) {
    event.preventDefault();
    setIsLoadingLogin(true);
    setError('');
    const captchaValue = await captchaRef.current?.executeAsync();
    if (!captchaValue) {
      setError('Captcha Error. Please try again later.');
      return setIsLoadingLogin(false);
    }
    try {
      const { access, refresh } = await loginService({
        email,
        password,
        captcha_value: captchaValue,
      });
      setCookie(undefined, cookieNames.userAccessToken, access);
      setCookie(undefined, cookieNames.userRefreshToken, refresh);
      await router.push('/home');
    } catch (error: any) {
      if (error.response.status === 500) return setError('Server Error.');
      if (error.response.data.detail) return setError(error.response.data.detail);
    } finally {
      setIsLoadingLogin(false);
      setPassword('');
      captchaRef.current?.reset();
    }
  }


<form onSubmit={handleLogin}>
...
</form>
javascriptperformanceauthenticationsecuritynext.js

Answer №1

It appears that the slow connection is causing JavaScript to not be fully downloaded when you submit your form.

I can suggest a couple of solutions:

  1. Include method="POST" in your form - this will ensure that the submission occurs through HTML form and not JavaScript
  2. Hide your form initially or disable the submit button. Once the JavaScript has loaded, enable the form

Answer №2

Try utilizing the btoa() and atob() JavaScript functions for encryption and decryption tasks.

Similar questions

If you have not found the answer to your question or you are interested in this topic, then look at other similar questions below or use the search

What is the purpose of using route('next') within ExpressJS?

In the documentation it states: You can have multiple callback functions that act as middleware and can invoke next('route') to skip the remaining route callbacks. This is useful for setting pre-conditions on a route and then passing control t ...

javascriptnode.jsexpress

Updating and eliminating text within an array of objects using Vue JS

My Axios request pulls in an array of objects named 'uniquecolors'. Here is what it looks like: mycolors color: [GREEN, RED, BLUE, YELLOW, ORANGE,ORANGE,GREEN,] color: [GREEN, RED, BLUE, YELLOW, ORANGE,ORANGE,GREEN,] color ...

javascriptvue.js

The REACT- Popover feature seems to be having trouble showing the data from my json file

Within the menu/ section, the names of my invited guests are not visible; only the InfoIcon is displayed in the cell. My goal is to implement a Popover feature that will show all the information about the invited guests (including their names and locations ...

javascriptreactjsreact-hooksmaterial-uipopover

AngularJS - "Refrain from replicating items in a repeater"

I am facing an issue with creating HTML textarea elements for each member of an array. Despite consulting the AngularJS documentation and attempting different track by expressions, I am unable to render them. The problem arises when a user inputs the same ...

javascriptangularjsangularjs-ng-repeat

Utilize key-value pairs to reference variables when importing as a namespace

Is it feasible to utilize a string for performing a lookup on an imported namespace, or am I approaching this the wrong way? Consider a file named my_file.ts with contents similar to: export const MyThing: CustomType = { propertyOne: "name", ...

javascripttypescriptjavascript-import

Locate the final element within an array using JavaScript

Provided with a file path like new/lib/java.exe, I am looking to eliminate the root folder 'new' and structure the new path as lib/java.exe. Challenge: After my attempts, I am left with the path as lib/java.exe/ which includes an unwanted "/". I ...

javascriptarrayssplit

Navigating the express subdomain

I'm currently utilizing the package express-subdomain. The issue is that the router handling subdomain requests is the same as the one handling non-subdomain requests. I suspect there's an error in my 'app.js' configuration. How shoul ...

javascriptnode.jsexpressexpress-subdomain

HTTP request in Angular with specific body content and custom headers

My goal is to access the sample API request from , as demonstrated in the documentation: curl -H "api-key: 123ABC" \ -H "Content-Type: application/json" \ -X POST \ ...

javascriptangularresthttp

What is the meaning of MVVM "binder" and how is it used?

I've been conducting research online to gain a deeper understanding of the MVVM architecture in general. According to Wikipedia, the key components of the MVVM pattern are: Model View View Model Binder This is the first time I have come across the ...

javascriptangularjsdesign-patternsmodel-view-controllermvvm

The contents of the div disappear when using jQuery to extract it from a string

Update: I finally uncovered the reason behind the empty content of the #output div. The content is fetched from the server, which takes some time; by the time the document loads, the div remains empty. Does anyone have suggestions on how to extract infor ...

javascriptjqueryquery-string

Iterating through a JSON object and an array

I've been attempting to iterate through a JSON object but I'm struggling with it. Below is the JSON object I need to work with. This JSON data will be fetched from another website, and my goal is to loop through it to extract certain details. ...

javascriptphpjqueryjson

What is the best way to modify the attributes of an object within the state?

Although I've been working with the React framework for a few weeks now, I still find myself surprised by new challenges on a regular basis. Currently, I am focused on developing the login/game lobby/server lobby for a group project game. The concept ...

javascriptreactjs

InternJS - Unresolved TypeError: The undefined object does not have a property named 'readFile'

I am currently facing an issue with Intern.js during functional testing. The error mentioned in the title has me puzzled as I struggle to figure out how to successfully load json files through FS or require. Despite my best efforts and extensive searches o ...

javascriptnode.jsintern

Preloading error alert message displayed during AJAX request

When I send an ajax request with a dropdown change, the loader div is shown using "before send". However, the issue is that the loader only displays for the first time, even though the ajax functionality works all the time. If you want to check this issue ...

javascriptjqueryajax

``Is there a way to retrieve the file path from an input field without having to submit the form

Currently, I am looking for a way to allow the user to select a file and then store the path location in a JavaScript string. After validation, I plan to make an AJAX call to the server using PHP to upload the file without submitting the form directly. Thi ...

phpjavascripthtmlformsfile-upload

Node.js with Socket.io causes multiple events to be triggered

Currently, I am in the process of developing a rochambo game using node.js and socket.io. The game works as follows: A player places a bet, which is then sent to all other players. These players can choose a sign and click on 'challenge'. Howeve ...

javascriptnode.jssocket.io

Repeated instances of the same name appearing in the dropdown list every time the tab button is clicked

When using my function in the onclick nav tabs event (triggered by clicking on any tab), I have a requirement where I need to ensure that no duplicate names are inserted into the dropdown list. The current function is working perfectly, but I am looking fo ...

javascriptjquery

Creating a Vibrant Progress Bar with Multiple Colors: A Step-by-Step Guide

I'm still getting the hang of things, so I apologize if my question isn't perfectly clear. What I'm trying to do is create a dynamic progress bar with multiple colors that animates upon loading the page. I've seen some examples similar ...

javascriptjqueryhtmlcssprogress-bar

Enter a keyword in the search bar to find what you're looking

I am working on a form where users can select their occupation from a list that is stored in a separate .js file. The list includes various occupations like 'AA Patrolman' and 'Abattoir Inspector'. var occupationSelect = "<select id ...

javascripthtmlinput

Exploring JavaScript and Node.js: Deciphering the choice of prototype.__proto__ = prototype over using the

Currently exploring the Express framework for node.js and noticed that all the inheritance is achieved through: Collection.prototype.__proto__ = Array.prototype; Wouldn't this be the same as: Collection.prototype = new Array; Additionally: var ap ...

javascriptnode.jsexpress