I don't feel this is complicated to my project, as I use routing, every
module can only been access from router, it is dynamic router like this:
https://github.com/Longfld/DynamicalRouter.
And after user login, back-end pass all modules name( actuary routes)
and angular client will dynamically build router
So, only authorised modules can be accessed, or you got route does not
exist error.
On Wednesday, April 12, 2017 at 1:43:42 PM UTC+10, thomas boissier wrote:
>
> Hello,
>
> I am learning Angular 2/4 and ASP.NET. When compiling my client app with
> lazy loaded modules, each lazy loaded module are bundled apart. That's
> awesome.
>
> Well, in the context of servers emitting informations for different types
> of users (admin, user, anonymous for exemple), some modules may be designed
> to request APIs made for admin. And so, they contain the URLs to these
> APIs.
>
> As every lazy loadable module can be downloaded as easy as a favicon by
> default, every APIs entries can be discovered.
>
> A solution could be to create as many app as the types of users but I
> wonder if it the server could restrict access to lazy loadable modules
> based on authorization rules. This way, some URLs could stay hidden.
>
> I know that hiding is not a real protection but some people care.
>
> If you know a solution, I'd be glad to hear it.
>
> As my compiler is configured, it also delivers the sourcemaps for
> each created bundle. So, It is possible to retrieve which module(s?) is
> contained in a bundle (based on source file naming). Then, it seems
> possible to configure the server to restrict access to some bundles based
> on a policy which manages module access.
>
> Is this approach feasible?
>
> Thank you,
> Thomas
>
>
--
You received this message because you are subscribed to the Google Groups
"Angular and AngularJS discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at https://groups.google.com/group/angular.
For more options, visit https://groups.google.com/d/optout.
