Plugin: browser-security
no-client-side-auth-logic
ESLint rule documentation for no-client-side-auth-logic
Keywords: browser, security, authentication, client-side, ESLint rule, LLM-optimized
Prevent client-side authentication logic that can be bypassed. This rule is part of eslint-plugin-browser-security and provides LLM-optimized error messages.
Quick Summary
| Aspect | Details |
|---|---|
| Severity | Error (security) |
| Auto-Fix | ❌ No auto-fix |
| Category | Browser Security |
| ESLint MCP | ✅ Optimized for ESLint MCP integration |
Rule Details
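Client-side authentication checks can be easily bypassed, because the code and the values it compares live in the user's browser, where they can be read and modified. Always validate authentication on the server.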
Examples
❌ Incorrect
```javascript
// Client-side role check
if (user.role === 'admin') {
  showAdminPanel();
}

// Client-side password validation
if (password === storedPassword) {
  grantAccess();
}
```
✅ Correct
```javascript
// Server validates and returns appropriate response
const response = await fetch('/api/admin/panel', {
  headers: { Authorization: `Bearer ${token}` },
});
if (response.ok) {
  showAdminPanel();
}
```
Configuration
```javascript
{
  rules: {
    'browser-security/no-client-side-auth-logic': 'error'
  }
}
```
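The Correct example above relies on the server behind `/api/admin/panel` making the decision. A sketch of that server-side check follows, as an added example that is not part of the rule's documentation or the plugin's code. The user table, session store, token values and the function names `bearerToken` and `handleAdminPanel` are assumptions made for illustration.

```javascript
// Added example: server-side decision behind GET /api/admin/panel.
// USERS, SESSIONS and the token strings are constructed sample data.
const USERS = new Map([
  ['u1', { name: 'alice', role: 'admin' }],
  ['u2', { name: 'bob', role: 'user' }],
]);

// Opaque session token -> server-side session record.
const SESSIONS = new Map([
  ['tok-alice', { userId: 'u1', expiresAt: Date.parse('2999-01-01T00:00:00Z') }],
  ['tok-bob', { userId: 'u2', expiresAt: Date.parse('2999-01-01T00:00:00Z') }],
  ['tok-old', { userId: 'u1', expiresAt: Date.parse('2000-01-01T00:00:00Z') }],
]);

// Extract the token from "Authorization: Bearer <token>"; null if malformed.
function bearerToken(headers) {
  const value = headers.authorization; // Node lower-cases header names
  if (typeof value !== 'string') return null;
  const match = /^Bearer +([A-Za-z0-9._~+\/-]+=*)$/i.exec(value.trim());
  return match ? match[1] : null;
}

// Decide the response for the admin panel. The role is read from the server's
// own user record; anything the client sends about its role is ignored.
function handleAdminPanel(req, now = Date.now()) {
  const token = bearerToken(req.headers || {});
  const session = token === null ? undefined : SESSIONS.get(token);
  if (!session || session.expiresAt <= now) {
    // Not authenticated: missing, malformed, unknown or expired token.
    return { status: 401, body: { error: 'authentication required' } };
  }
  const user = USERS.get(session.userId);
  if (!user || user.role !== 'admin') {
    // Authenticated, but not authorized for this resource.
    return { status: 403, body: { error: 'forbidden' } };
  }
  return { status: 200, body: { panel: 'admin', user: user.name } };
}
```

With this in place, the client's `response.ok` test only controls what is displayed; a client that skips or alters it still receives 401 or 403 and no panel data.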