Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Auth: secure routes without relying on +layout.svelte #25

Closed
stephenrichter opened this issue Aug 31, 2024 · 1 comment
Closed

Auth: secure routes without relying on +layout.svelte #25

stephenrichter opened this issue Aug 31, 2024 · 1 comment

Comments

@stephenrichter
Copy link
Contributor

stephenrichter commented Aug 31, 2024
edited
Loading

While the current auth_guard works for simple purposes, we should keep an eye on the following issues with using +layout.svelte for guarding the app tree most effectively.

As raised in:

// Everything in the app route tree is protected behind user accounts.
$effect.pre(auth_guard);

^ This is not exactly true for routes below the +layout.svelte file. I'm researching a more secure solution and will see if I can open a PR at a future date once SvelteKit 2 is more stable.
@stephenrichter
Copy link
Contributor Author

Closing as I learned more about SvelteKit and understand this is not as much a concern for SPA/CSR. The auth_guard can run on individual +page.js files safely.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@stephenrichter