Cerbos with react in production

[dipbazz]

Hello guys,

I am using cerbos in my refine react application as mentioned in this documentation. While I was testing in local it was working fine and I didn't have any issues, but now I have my refine app in production so when the user tries to access the application the whole JS is downloaded to the client and now to check my policies I have to hit the server which in turns slows my application, because for every policy check the app is constantly checking the policy in server. Is there a way to overcome this problem by downloading the policies to the client and checking it locally?

I am not sure if this is the right approach, but I am completely stuck with the application response time.

[alexolivier]

Hey @dipbazz

There are a few ways to approach this - but at a more high level, in order to check permissions the call does need to go to the backend where Cerbos is running where you can securely verify the user's identity and fetch the resource attributes as calling directly from the frontend would require all the attributes about the principal and the resource to be available client-side/in the browser first - at which point checking things like 'read' permission is a bit redundant.

The way we recommend approaching this is when your react app hits your backend to fetch the data, return the permissions along with it so you can then conditional render UI components based on what the user can do.

All that said, there are some valid use cases for checking permissions client side, for example conditionally showing sections of an application based on which package a user is signed up for. We have a solution for this which we will be releasing soon, but if you are keen to try it today, drop me an email at alex@cerbos.dev and I can get you set up with our early access version.