In my page built on Vue + Nuxt 2, I'm trying to execute a redirection from one page to another in case the user is not allowed to see the page.
Right now, to achieve that I'm calling to one endpoint and relying on its response to manage the redirect, most specifically in the key "show_page". This turned out to be a security issue because an attacker achieved to change the API responses in the browser making ir respond "show_page" always as true.
My goal is to call that endpoint in the server side of the page, and redirect from there, so the api response can not be managed but I'm not getting it. I tried with server side middlewares but I got stuck. It always shows the response to the client, or it doesn't run in the client side, so the attacker still has the chance to change the responses. What can I do?
I tried calling the API from the server middleware, then redirecting, it work if I reload the page ( because that's when the server side runs) but it doesn't work if I navigate to the page with a normal button.
Edit: This is simply not possible :)