-
|
If I understand correctly, Loader authorization is handled in a nested manner for layout routes: if a layout route performs a verification, all child routes benefit from it. However, it does not seem Action authorization works the same way, since actions handlers are effectively just POST endpoints and no nesting can happen there. If this is the case, then all actions need to be self-standing when it comes to authentication and authorization. Are these assumptions correct? What is the right way to go about this? |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments 2 replies
-
|
Every loader and action should authorize the user if required, parent routes don’t protect child routes in every scenario, if your child rout change but the parent didn’t Remix will fetch the child route loader but not the parent route loader so the child loader may not be protected if the user session expires. Consider each loader and action an API endpoint, you can’t trust an endpoint to protect another endpoint. |
Beta Was this translation helpful? Give feedback.
-
|
Gotcha, that makes perfect sense, thank you. PS: I'm not one to point out typos to strangers on the internet (especially if they just gave me hand!), but I feel like those who will land here in the future might get confused by that "can" that you meant to be a "can't" :) |
Beta Was this translation helpful? Give feedback.
-
|
Fixed the typo, thanks for letting me know! |
Beta Was this translation helpful? Give feedback.
-
|
Thanks for asking this question, I was wondering the same thing today :) |
Beta Was this translation helpful? Give feedback.
Every loader and action should authorize the user if required, parent routes don’t protect child routes in every scenario, if your child rout change but the parent didn’t Remix will fetch the child route loader but not the parent route loader so the child loader may not be protected if the user session expires.
Consider each loader and action an API endpoint, you can’t trust an endpoint to protect another endpoint.