Assuming there’s some part of your site a user isn’t supposed to have access to, there’s nothing to stop some user from simply downloading all JS and HTML files you have, and figuring out which one points to the blocked page. So a user can pretty much view a blocked page’s view, without data (since the data comes from the server, and shouldn’t be viewed without an auth).
Can this fix by using auth guard alone? As of mu understanding event though we use auth guard. Please help.