0

I know that a certain element or component will not be included in the DOM when the *ngIf directive is set to false. Say I have a component that shows the admin tools and it should only be accessible to authorized users (administrators). Does the ngIf directive set to false prevent the javascript that makes up this component from being sent to the browser of unauthorized users? I am asking this because I don't want anyone unauthorized to be able to see my admin page somehow (maybe by decompiling). So is it available for everyone? And if so, how difficult is it to extract that admin component from the javascript files?

Thanks you,

Improve this question
1

1 Answer 1

Reset to default
1

You should put the admin page in an NgModule and put it on a lazy load path in the Route config. This way it will become a module and package file of its own, and will only be loaded if someone navigates to that page. You should add a route guard (CanLoad) to prevent unauthorised access.

If you really want to go all in, you should also prevent loading of that package file to people who are not logged on or do not have admin access directly from your server

Improve this answer

Not the answer you're looking for? Browse other questions tagged or ask your own question.