You've asked for more ideas to make Livewire strict. So here we go...
Another issue (which most devs do not expect) is that also the action call in the HTML can be changed. So that id that should be passed? Yeah, that can be changed on the client side too.
It would be great to have an option (like signed urls) to make action calls tamper proof. An idea would be that the action with parameters and component instance id are signed to disable any modifcations.
class UserBalance extends Component
{
#[Signed]
public function updateBalance(int $sum)
{
// ....
}
}
LivewireStrict::signedActions();
You've asked for more ideas to make Livewire strict. So here we go...
Another issue (which most devs do not expect) is that also the action call in the HTML can be changed. So that id that should be passed? Yeah, that can be changed on the client side too.
It would be great to have an option (like signed urls) to make action calls tamper proof. An idea would be that the action with parameters and component instance id are signed to disable any modifcations.