🔒 Add #[Locked] attribute to Livewire components to enhance security against client-side state tampering

2026-02-05 17:03:16 +00:00 · 2026-02-03 22:49:42 +01:00
parent 71ce57ddd3
commit 2957e89c79
13 changed files with 149 additions and 2 deletions
--- a/resources/views/livewire/association/project-support/form/create.blade.php
+++ b/resources/views/livewire/association/project-support/form/create.blade.php
@@ -3,6 +3,7 @@
 use App\Models\ProjectProposal;
 use App\Support\NostrAuth;
 use Livewire\Attributes\Layout;
+use Livewire\Attributes\Locked;
 use Livewire\Attributes\Title;
 use Livewire\Component;
 use Livewire\WithFileUploads;
@@ -25,8 +26,10 @@ class extends Component

    public $file = null;

+    #[Locked]
    public bool $isAllowed = false;

+    #[Locked]
    public bool $isAdmin = false;

    public function mount(): void
--- a/resources/views/livewire/association/project-support/form/edit.blade.php
+++ b/resources/views/livewire/association/project-support/form/edit.blade.php
@@ -3,6 +3,7 @@
 use App\Models\ProjectProposal;
 use App\Support\NostrAuth;
 use Livewire\Attributes\Layout;
+use Livewire\Attributes\Locked;
 use Livewire\Attributes\Title;
 use Livewire\Component;
 use Livewire\WithFileUploads;
@@ -14,6 +15,7 @@ class extends Component
 {
    use WithFileUploads;

+    #[Locked]
    public ProjectProposal $project;

    public array $form = [
@@ -27,8 +29,10 @@ class extends Component

    public $file = null;

+    #[Locked]
    public bool $isAllowed = false;

+    #[Locked]
    public bool $isAdmin = false;

    public function mount($projectProposal): void