How does next/router protect my site from malicious user behaviour? #12636
Hi 👋 I have a simple page that I'm trying to protect with this useEffect():

I'm trying to wrap my head around this:

I tried doing this in my browser and the router still directs me to the initial page. Is it even a valid concern, presuming I'm using dynamic imports for all my protected content?
Replies: 1 comment
In general it's safe to assume that all of your client-side code is corruptible by the end user. So it's definitely good to make sure sensitive information is protected on the server, usually with some kind of authentication or authorization setup. This will ensure that users are only able to fetch data they have permission to see. If they manually edit URLs like this, or poke at your client-side code (e.g. to skip validation checks), they would still get blocked by proper server-side authorization and validation.

If you've got your server set up, it should be fine if a user tinkers with URLs like this.
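The server-side check the reply describes, as an added example that is not part of the original discussion or Next.js's own code: a handler with the `(req, res)` shape of a Next.js API route that refuses to return data unless a signed session cookie verifies, whatever the client-side router or `useEffect()` did. The token format, the secret, and the names `signSession`, `verifySession`, `protectedHandler` and `mockRes` are assumptions made for illustration.

```javascript
const crypto = require("crypto");

// Assumption: a server-only secret; a real deployment reads it from the environment.
const SESSION_SECRET = "constructed-demo-secret";

// Issue a signed token "<base64 JSON payload>.<hex HMAC>" at login (hypothetical format).
function signSession(payload, secret = SESSION_SECRET) {
  const body = Buffer.from(JSON.stringify(payload)).toString("base64");
  const mac = crypto.createHmac("sha256", secret).update(body).digest("hex");
  return `${body}.${mac}`;
}

// Return the payload only if the MAC verifies and the session has not expired.
function verifySession(token, secret = SESSION_SECRET, now = Date.now()) {
  if (typeof token !== "string") return null;
  const [body, mac] = token.split(".");
  if (!body || !mac) return null;
  const expected = crypto.createHmac("sha256", secret).update(body).digest();
  const given = Buffer.from(mac, "hex");
  // Length check first: timingSafeEqual throws on buffers of different length.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  try {
    const payload = JSON.parse(Buffer.from(body, "base64").toString("utf8"));
    return payload.exp > now ? payload : null;
  } catch {
    return null;
  }
}

// The decision is made here, on the server, before any protected data is sent.
function protectedHandler(req, res) {
  const session = verifySession(req.cookies && req.cookies.session);
  if (!session) return res.status(401).json({ error: "not authenticated" });
  if (session.role !== "admin") return res.status(403).json({ error: "forbidden" });
  return res.status(200).json({ data: "only admins may fetch this" });
}

// Minimal stand-in for the response object so the handler runs outside Next.js.
function mockRes() {
  const res = { statusCode: 0, body: null };
  res.status = (code) => { res.statusCode = code; return res; };
  res.json = (data) => { res.body = data; return res; };
  return res;
}
```

A user who edits the URL or skips the client-side redirect still reaches only this handler, and a cookie whose payload was edited in the browser fails the MAC check.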