Hello, I need help with my web portal developed in Next.js.
All users will be employees of my company and will have corporate credentials.
The computers they will use are 100% controlled by the company.
They will use a Chromium-based browser configured to open my web portal directly.
Current setup
- The browser opens the web with a GET request, sending headers and URL parameters.
- The headers contain the user credentials.
- The URL parameters contain machine identifiers.
- In my Layout, I use a SessionProvider to read that initial GET request (headers and URL parameters).
- Then, with that data, I build a body that I send to my backend.
Problem
The URL parameters contain sensitive data, and I have been told this is not secure.
What was recommended to me
- Have the browser execute a POST request with a body to my web portal at login instead of using URL parameters.
- However, I am not sure how to capture that body from the client side (not the backend/server) and then store it in my SessionProvider to use it in further requests to my backend.
Previous attempts
- I tried moving the sensitive data to a custom header, but a superior mentioned that this is also not recommended or fully secure.
Additional details
- The communication between the user’s computer and my web portal will go through the internet.
- The communication between my web portal and the backend will happen over an internal network.
- I can ask the developer to implement the browser in such a way that it opens my web portal with a POST request and body.
Questions
- How can I read that body when the client makes a POST request immediately upon opening the site (or to open it), and then store those variables in my SessionProvider to use them for backend requests?
- Am I missing something here?
I don’t have much experience with Next.js, but it seems like a good tool for this project.