Menu
A fun curiosity as I build my React application:
I notice how in the browser we can play with the client-code and/or resources. (e.g change css, change html, change a js variable).
Does that mean we can also manipulate the global state of the stores from the browser?
For example, if are doing client-side routing(all client-code is on the browser) and we are checking the store data to see if a user is logged in order to allow routing - couldn't we(or anyone for that matter) just manipulate the store state to override the required login and just walk around the application anyways?
I realize that example can be trivialized in many ways - but the main question is if the global state of the client application code can be played with to trigger different renderings of components while in the browser or even render completely different parts of the component state tree for that matter.
Note: Forgive any signs of major ignorance this might expose.haha. I'm just not sure and I think it would be interesting to know for many reasons both from a development and UX standpoint.
847
To manage your global state, reach for tried and tested third-party libraries like Zustand, Jotai, and Recoil. Redux is also great, but make sure that you get started using Redux Toolkit.
Yes it can be easily manipulated.
Yes, with React/Redux Dev Tools user can do anything with data in the store. So you should never store any sensetive data on frontend, and validate every user request on server-side.
196
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
