0

I'm trying to hide a sensitive data from the url from a incoming href redirect. The problem arises when the url is manually changed from inside the angularjs controller, which leads to the page reloading.

Catch: I do not have control to add code to the application that has the href containing the url.

For eg:

external url redirect"www.sample.com/subpath?sensitiveNumber=123456789"

I expect the url to be changed to

"www.sample.com/subpath"

I did try to reference solutions from the following SO thread: Can you change a path without reloading the controller in AngularJS?

problem at using reloadOnSearch is when another url comes with a different url data as parameters, it would not reload with the new data.

another method I tried was to store the incoming data into a localStorage of the browser, so that it is not necessary to know the sensitive data when the page reloads on url change; but that would result in all the Async functions to be recalled, impacting performance.

Here is the routing snippet of the current code

.when('/subpath') { template: '<templatePath>', controller: '<controllerName>', reloadOnSearch: false }

thanks in advance

Yogarakshith Rao
  • 11
  • 4
  • You do aware of the fact that event if you "hide" the sensitive data, every user inspect your site `network traffic` from browser will be able to observe that data. Can you share which kind of data are you dealing with? – ymz Feb 05 '19 at 10:56
  • Yes you are right, when you say that, if we do inspect the network traffic, we will see the supposedly sensitive data in the browser. but the implementation for the question is geared towards domain compliance factor, i.e: the data cannot be visible because of security compliance reasons – Yogarakshith Rao Feb 11 '19 at 10:17
  • @ymz - As for the data that i am dealing with it, it is merely a query parameter in the url. trying to prevent the reload after the query param from url is removed. – Yogarakshith Rao Feb 11 '19 at 10:18
  • *"Catch: I do not have control to add code to the application that has the href containing the url"*.. I really think that gaining access will be the best solution you can have in that scenario – ymz Feb 12 '19 at 08:53

2 Answers2

0

change get request to post request.So that data is not sent in the url.

Anshu Prince
  • 21
  • 9
  • So this is not a get/post request.... it is a redirect from a href tag. For e.g.: there is a anchor tag in a production environment that redirects to another application like the following: `Hyperlink redirect` when i get it from this href, there are no requests happening, it is mere href redirect. – Yogarakshith Rao Feb 08 '19 at 14:41
  • use $stateParams https://github.com/angular-ui/ui-router/wiki/URL-Routing – Anshu Prince Feb 11 '19 at 10:01
  • already using angular-routing for the project, and tried working with parameters in that regard. Did not work out. the page still reloaded when the route was changed, thereby breaking the function of a single page application. – Yogarakshith Rao Feb 11 '19 at 10:20
0

Thanks for the responses. The only way we had to overcome this issue is provide and encryption service in between the service layers and performed decryption in our application front-end. As of this date, we do not have a correct verified solution for this problem

Yogarakshith Rao
  • 11
  • 4