What methods can I use to ensure that a user's credentials are not shown in the URL?

My NextJS application sometimes behaves unexpectedly.

Whenever I have a slow connection and the initial load time of the site is longer than usual, after trying to log in to the application, the credentials I entered are displayed in the URL. This happens even though I have included event.preventDefault() in the submit function and I am not using GET method.

I attempted to enhance the app's performance and reduce the loading time of the pages initially, but if a user intentionally slows down the loading time, it can become exploitable.

All I want is to prevent the credentials from being exposed in the URL. It could potentially be replaced with any other type of error.

Below is the code snippet:

  async function handleLogin(event: FormEvent<HTMLFormElement>) {
    event.preventDefault();
    setIsLoadingLogin(true);
    setError('');
    const captchaValue = await captchaRef.current?.executeAsync();
    if (!captchaValue) {
      setError('Captcha Error. Please try again later.');
      return setIsLoadingLogin(false);
    }
    try {
      const { access, refresh } = await loginService({
        email,
        password,
        captcha_value: captchaValue,
      });
      setCookie(undefined, cookieNames.userAccessToken, access);
      setCookie(undefined, cookieNames.userRefreshToken, refresh);
      await router.push('/home');
    } catch (error: any) {
      if (error.response.status === 500) return setError('Server Error.');
      if (error.response.data.detail) return setError(error.response.data.detail);
    } finally {
      setIsLoadingLogin(false);
      setPassword('');
      captchaRef.current?.reset();
    }
  }


<form onSubmit={handleLogin}>
...
</form>
javascriptperformanceauthenticationsecuritynext.js

Answer №1

It appears that the slow connection is causing JavaScript to not be fully downloaded when you submit your form.

I can suggest a couple of solutions:

  1. Include method="POST" in your form - this will ensure that the submission occurs through HTML form and not JavaScript
  2. Hide your form initially or disable the submit button. Once the JavaScript has loaded, enable the form

Answer №2

Try utilizing the btoa() and atob() JavaScript functions for encryption and decryption tasks.

Similar questions

If you have not found the answer to your question or you are interested in this topic, then look at other similar questions below or use the search

I need three buttons, but I only want one to be active at a time. When one button is clicked and becomes active

function toggleSlideBox(x) { $("#"+x).slideToggle(300); } I am utilizing a JavaScript feature on buttons to create dropdowns that display forms, text, etc. When one button is clicked, it drops down along with the other two buttons, and when the ...

javascriptjqueryhtml

AngularJS and the JavaScript programming language

Struggling with opening an Excel sheet by clicking on a button? I've written the code, but encountering issues. function openFile(strFilePath) { var objExcel; //Create EXCEL object objExcel = new ActiveXObject("Excel.Applicati ...

javascriptangularjsexcel

Button component in React remains visible until interacted with

https://i.stack.imgur.com/gTKzT.png I'm dealing with a sign out component in my app that requires me to click on it specifically to unselect any part of the application. This is implemented using React Material UI. <MenuItem onClick={e => this ...

javascriptreactjsmaterial-ui

Conceal any ng-repeat elements that do not contain corresponding grandchildren within two levels of nested ng-repeats

Apologies for the enigmatic title, but the issue at hand is quite cryptic ¯\_(ツ)_/¯ I'm dealing with a complex problem involving 3 nested ng-repeats to display Google Analytics' account structure. Within this structure are multiple acco ...

javascriptangularjsangularjs-ng-repeatangularjs-filter

Why is the value of the select element in AngularJS an object?

Here is a JSON object: { "9000A": { "LOCname":"A Place", "LOCid":"9000A" }, "2700C": { "LOCname":"C Place", "LOCid":"2700C" }, "7600B": { "LOCname":"B Place", "LOCid":"7600B" } } To ...

javascripthtmljsonangularjs

Generating a list of values separated by commas from a Microsoft Excel column after applying regular expressions

I have an Excel column that I need to convert into CSV format. A JavaScript regex has been provided to apply on the column values: var regex = new RegExp("[^a-z0-9',.]+","gi"); return input.replace(regex, "_").replace(/_+/g, "_").replace(/^_|_$|^&bso ...

javascriptphpregexexcelcsv

Aligning an element perfectly at the top within a column

I have two columns side by side. The column on the left contains HTML that I cannot control. On the right side, I need to display a comment box that should align with the text clicked on the left hand side. Is it possible to position an element absolutely ...

javascripthtmlcss

Error 400: Invalid Request: Issue encountered when swapping code for Asana access token using Next.js

Encountered a 400 Bad Request error while trying to exchange the code for an access token at . I am unsure of the cause and would appreciate any assistance. Below is the code: const GetAsanaAccessToken = async (req, res) => { const body = { grant ...

javascriptapinext.jsasanaasana-api

Encase all jQuery functionalities within a custom class

I am looking to create a JavaScript class that encapsulates jQuery's DOM functions, but I want these functions to only interact with a single property of that class. class Foo { constructor() { this.$wrapper = $('<div>wrapper</div ...

javascriptjquery

What are some more efficient methods for implementing page location detection with Angular directives?

My website currently features a navigation bar with 4 anchor links that direct users to different sections of the page. As you scroll down the page, the corresponding link on the nav bar lights up to signify your position on the site. Experience it yourse ...

javascriptjqueryhtmlcssangularjs

Tips for limiting users to inputting only alphanumeric characters and excluding special characters in an input field using Angular 8

How can I prevent users from inputting special characters in an input field and only allow alphanumeric values? The code that I have implemented so far does not seem to be working as intended. When a user enters a special character, it still shows up in th ...

javascripthtmlangulartypescript

What is the minimum required node.js version for my project to run?

Is there a command in NPM that can display the minimum required Node version based on the project's modules? ...

javascriptnode.jsnpm

What is the best way to refresh my useEffect hook when a State change occurs in another component's file in ReactJS?

Seeking to execute an API call within useEffect() and aiming for the useEffect() function to trigger every time new data is appended to the backend. To achieve this, a custom button (AddUserButton.js) has been created to facilitate adding a new user to the ...

javascriptreactjscallbackfetchuse-effect

Protractor: Saving data locally with local storage - A step-by-step guide

I've come across several instances of retrieving previously saved information, but I haven't found any examples of retrieving stored values. ...

javascriptangularjsprotractorgulp-protractor

Selecting JavaScript file on change as default option

Currently, I have an HTML file that prompts the user to select an XML file when the file selection is changed. Is there a way to make it so that by default, only one file is chosen? <form id='fileSelection' action=""> <center> <in ...

javascripthtml

The Fetch API within DatoCMS isn't able to retrieve all published posts

I am trying to retrieve all of my published blog posts from DatoCMS. Currently, I have implemented the code below. The issue I am facing is that it only retrieves 65 posts when I know I have more than 100... Can anyone help me figure out what I might be d ...

reactjsnext.jsfetch-apicontent-delivery-networkdatocms

How can the first paragraph value of a div be found using jQuery in Next.js?

How can I retrieve the value of the first <p> tag within my div when a button inside the same div is clicked? Despite attempting to use $(this), it doesn't appear to be functioning as expected. Take a look at the code snippet below: <div cla ...

javascriptjqueryreactjsnext.js

Is the absolute positioned element on the left or right based on its current location?

Is there a way to assign absolute positioning with left at 0px or right at 0px depending on whether the positioned div will go outside of its container? For example, when you right click in a browser and see the menu appear to the right of where you click ...

javascriptjqueryhtmlcssabsolute

Web Audio API functions are encountering a playback issue on iOS 13.3, despite working smoothly on previous iOS versions

I have been developing an audio visualizer using the web audio API. It was functioning smoothly on PC, however, after upgrading to iOS 13.3, it no longer operates on Apple mobile devices. The root cause of this issue remains a mystery to me. The problem s ...

javascripthtmliosweb-audio-api

What could be the reason for the malfunctioning of the Angular options tracking by ID feature?

I seem to be facing an issue with my code: There is an object that holds the id of an item, along with an array containing these items. I require a 'select' element to display the currently selected item and allow for changing the selection. Th ...

javascriptangularjs