Tags: javascript, angular, forms, security, google-developer-tools

Is there a best practice to prevent the user of my Angular SPA from manipulating the form data in a request before it is sent to the server?


My Angular (version 5) app is secured with a JWT token and AuthGuards. In theory a user is able to manipulate form data with Chrome's Developer Tools before the aggregated form values are sent to the server. Are there nowadays new good practices to prevent this on the client side, so that I can assume that the data sent over HTTPS to the server can be trusted?

This question addresses the problem: a server-side session in combination with validation is recommended there. But in a RESTful architecture there is no session anymore, and we can't prevent all combinations of manipulation attempts by using validations on the server side. Therefore I am looking for a convenient client-side solution that makes it uncomfortable for the normal user to manipulate with developer tools. Also, I know that there can't be a 100% trustworthy client implementation. But complicating the manipulation attempts would be a nice trade-off.


Solution

  • Consider creating HttpClient interceptors (see https://angular.io/guide/http), which will be automatically invoked for each HTTP request (including the ones initiated by forms). In those interceptors, you can implement some business logic to ensure that the data was not manipulated by the user.