I’m transitioning from SPAs with REST APIs to SSR applications using React Router Framework. While I’ve used layout routes and tools like SWR/React Query for route protection in React Router DOM, I just found out that actions in React Router Framework are still vulnerable to unauthorized POST requests. I use JWT auth with tokens stored in cookies—do I need to verify the JWT in every action on each route, or is there a global solution like Fastify’s onRequest hook?
