In the case of 404, if a user hits /404 on browser, its registered route guard will work (if any).
However, if one is redirected from a non-existent page like /frerdfdfds to /404, then route /404 will ignore its own guard.
This is bad on apps with a login page. One usually does not want 404 to show up on login pages because strangers can exploit it to guess route paths that are only accessible through authentication randomly, so guard is very important in such a case.
In the case of 404, if a user hits
/404
on browser, its registered route guard will work (if any).However, if one is redirected from a non-existent page like
/frerdfdfds
to/404
, then route/404
will ignore its own guard. This is bad on apps with a login page. One usually does not want 404 to show up on login pages because strangers can exploit it to guess route paths that are only accessible through authentication randomly, so guard is very important in such a case.