Data security Issue.

[yeasirarafat-dev]

Hello everyone.
I'm working on a project based on laravel and Inertia-vue.
I noticed one thing on the new inertia version that it receives props data using attribute data-page on main element #app.
checkout the image
Anyone can see what kind of data I'm shearing from my server to the app by going inspect mode.

Here I have a question that, does it can be considered any security issue? OR It's okay.

Can I hide it in production mode?

[reinink]

This isn't a security issue. You should only ever pass data from the server to Inertia that you want the user to have access to. From the docs:

To ensure that pages load quickly, only return the minimum data required for the page. Also, be aware that all data returned from the controllers will be visible client-side, so be sure to omit sensitive information.

[johanobergman]

Just a quick note on this - if you refresh an auth protected page while signed in, then sign out using an Inertia Link, potentially private data is still going to be available by clicking "view source" and looking at the data-page attribute.

I believe a hard refresh on logout is the only way to solve it correctly, but that's not how popular scaffolding kits like Jetstream and Breeze do it, so I thought it might be worth pointing out.

[johanobergman]

The same can be said when using the browser back button after logout though, so I guess it is expected knowledge that closing the tab after logout is the only "safe" way.