Authorization enforced only on frontend | Critiq Docs

#Metadata

Rule ID: ts.security.frontend-only-authorization
Severity: high
Confidence: 0.65
Languages: javascript, typescript
Presets: experimental
Stability: experimental
Applies to: project
Tags: authorization, crq-sec-024, rules-catalog, security

#Why it matters

Frontend checks are easy to bypass, so sensitive routes need server-side authorization on the backend path itself.

#Remediation

Add a backend authorization or permission check on the matching route handler.

#Repository path

The generated metadata points to critiq-rules/libs/rules/catalog/rules/typescript/ts.security.frontend-only-authorization.rule.yaml.

Back to registry Open rule in repository