I just installed the MEAN stack (MongoDB, Express.js, AngularJS, Node.js) and opened up the example program (as found on mean.io) and they have a basic app that you can log in to and create blog "articles" just for testing and such.
Anyway, I removed the '#!' from the URL and it outputted the entire user and article models as they are in the database. It seems as though doing that made it stop routing through Angular and instead used the Express routes which are just JSON REST APIs. Is this a flaw in the MEAN stack package, Angular as a whole, or maybe just a development environment setting? I can't imagine that this would be released with a huge flaw like that but maybe I'm just missing something.
Replicable steps:
Routing in Angular allows the users to create a single-page application with multiple views and allows navigation between them. Users can switch between these views without losing the application state and properties.
Angular Router supports multiple outlets in the same application. A component has one associated primary route and can have auxiliary routes. Auxiliary routes enable developers to navigate multiple routes at the same time.
At the basic level, routing allows Angular to display different "pages" or components. You probably want to have it if you want to navigate across pages in your application. It shouldn't hurt anything if you add it but don't use it.
It's just an app configuration. If you change the routes.js from:
app.get('/articles', articles.all);
to
app.get('/articles', auth.requiresLogin, articles.all);
Then if you try and hit the url /articles directly you get the message:
"User is not authorized"
Instead of JSON listing all the articles.
As you say, removing the #! causes the routing to be handled by the server. The node API then dumps the user object in the response.
The problem is completely independent from Angular - the app is only served by Node at the / route. Angular then uses the hash value to show the correct page.
This is probably just a problem with the example provided by MEAN. The app itself is insecure; when they talk about best practices, that refers to the code structure and setup rather than the quick demo.
You could ask them about it, since there will probably be people who build on top of the example and don't fix the security issues.
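The routes.js change from the answer above, shown as an added example that is not part of the original posts or of the MEAN project's code: the same direct request to /articles with and without auth.requiresLogin in the handler chain, plus a check that lists routes missing the guard. It uses a small stand-in for Express's handler chain so it runs without express; makeApp, request, unguardedRoutes and the sample article are assumptions.

```javascript
// Stand-in for Express's (req, res, next) handler chain so this runs without
// installing express. makeApp, request and unguardedRoutes are hypothetical names.
function makeApp() {
  const routes = [];
  return {
    routes,
    get(path, ...handlers) { routes.push({ path, handlers }); },
    // Simulate a direct request to `path` (the URL with the "#!" removed).
    request(path, user) {
      const route = routes.find((r) => r.path === path);
      if (!route) return { status: 404, body: 'Not found' };
      const out = { status: 200, body: undefined };
      const req = { path, user };
      const res = {
        status(code) { out.status = code; return res; },
        send(body) { out.body = body; return res; },
      };
      let i = 0;
      const next = () => { const h = route.handlers[i++]; if (h) h(req, res, next); };
      next();
      return out;
    },
  };
}

const auth = {
  // Stop the chain unless the session resolved to a user.
  requiresLogin(req, res, next) {
    if (!req.user) return res.status(401).send('User is not authorized');
    next();
  },
};
const articles = {
  // Constructed sample record standing in for the database query.
  all(req, res) { res.send([{ title: 'Test article', user: { username: 'alice' } }]); },
};

// Routes that would serve data to an anonymous caller: no login guard in the chain.
function unguardedRoutes(app) {
  return app.routes.filter((r) => !r.handlers.includes(auth.requiresLogin)).map((r) => r.path);
}

const shipped = makeApp();
shipped.get('/articles', articles.all);                    // before
const fixed = makeApp();
fixed.get('/articles', auth.requiresLogin, articles.all);  // after

console.log(shipped.request('/articles').status, fixed.request('/articles').body);
console.log(unguardedRoutes(shipped), unguardedRoutes(fixed));
```

The output of unguardedRoutes is a list to review rather than a verdict, since a route such as the page shell at / is meant to be public.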