Url Access to static HTML pages

amirkoosh9 · May 2, 2020, 9:52pm

Hi,

I’m new to parse and was trying to create a simple web app with it using static HTML pages, CSS, and JS. I’ve used cloud functions also for a few tasks.

The thing is that I’ve created a login page and a function that checks if the user is logged into the web app with JS client-side and it looks like this:

function CheckUserLogin(){
  var currentUser = Parse.User.current();
  if (currentUser) {
	//do nothing
  } else {
    //rediect user to login html page
    window.location.href = "loginpage.html"
  }
}

The thing is that if the user navigates to the /Home.html page via browser URL he can see the page for a few seconds until js checks if he logged in and redirects the user out to the login page.
I guess that’s not so secure…

Any help for achieving this task via JS or are Cloud Functions more secure?

davimacedo · May 4, 2020, 5:10am

You need to make sure that nothing will be rendered before you have verified the user session. It is something easier to be done if you use some JS framework such as React, Angular, or Vue.

amirkoosh9 · May 4, 2020, 10:14am

Yes nothing is rendered and no data is shown at all - especially we implemented ACL and we are giving each item only one user who can read the item - but the static HTML itself with no data is still shown on the page for a second - i forgot to mention - all our files are on the public folder

davimacedo · May 4, 2020, 4:43pm

So you don’t have a security problem, since no one will see sensitive data without having their session validated beforehand. You may have a small UX problem because you are blinking something they should not see. I’d try to add some loading layer over your html or do not display your html content while the session is still being validated. Again, it will be much easier to be done if you use a framework.