Preventing navigation to secure routes

Preventing access to secure routes using client-side code is not secure. The only secure way to guarantee that users cannot navigate to unauthorized areas of the application is to require that the page be reloaded; this provides the server the opportunity to refuse access to the URL. Reloading the page is not ideal, because it defeats many of the benefits of a rich client application.


While reloading the page to do security is not usually a good idea in a rich client application. It can be useful, if you have a clear distinction between areas of your application. For instance, if your application was really two subapplications, each having very different authentication requirements, you could host them ...

Get Mastering Web Application Development with AngularJS now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.