On the mobile version, permission checks are performed in the page that navigates to a restricted page.
While the navigation on mobile allows for such inspections, on web, this security measures can be easily bypassed by directly typing the URL.
Solution
All security checks for navigation have to be also performed when loading the respective pages.
On the mobile version, permission checks are performed in the page that navigates to a restricted page. While the navigation on mobile allows for such inspections, on web, this security measures can be easily bypassed by directly typing the URL.
Solution
All security checks for navigation have to be also performed when loading the respective pages.