[SOLVED] Why is data that I'm not supposed to see available for a split second?

I’m noticing an issue with pub/sub in Meteor. Maybe I’m doing something wrong. Here’s what’s happening:

I’m subscribing to notifications, but only ones that are meant for me:

Meteor.publish('notifications', function () {
  return Notifications.find({
    toUserIds: this.userId,
    dismissedBy: { $ne: this.userId },
  });
});

In NotificationCenterContainer.js, I subscribe to the publication:

import { Meteor } from 'meteor/meteor';
import { createContainer } from 'meteor/react-meteor-data';
import { connect } from 'react-redux';

import { Notification } from '../../../collections/notifications';
import NotificationCenter from './NotificationCenter';

export default connect()(createContainer(() => {
  const handle = Meteor.subscribe('notifications');

  return {
    isDataReady: handle.ready(),
    notifications: Notification.find({}, { sort: { createdAt: -1 } }).fetch(),
    userId: Meteor.userId(),
  };
}, NotificationCenter));

So, I generate a notification that’s sent to another user, and I see this in the Chrome console: (logged from the componentWillReceiveProps method)

  componentWillReceiveProps(nextProps) {
    console.log('old props:', this.props.notifications,
      'new props:', nextProps.notifications);
  }

Is this normal, for Meteor data to be available for a split second to the client? I’ve never noticed this until now.

Ahh, of course. Because of optimistic UI. 🙂 I had to make sure the notification data update (within the Meteor method) only occurred on the server side.

  run({ userIds, message }) {
    if (this.isSimulation) return; // don't run this on the client

    const notification = new Notification({
      message,
      toUserIds: userIds,
    });

    notification.save();
  },

Umm, not sure that this is the proper way to go about it - after all, the client could simply comment out if (this.isSimulation) return;

You mean someone would be able to wade through all the minified, bundled JS code in their browser and find that line and remove it?

What is the proper way to do it?

This is an old problem. See the good old subscriptionId topic
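
An added example, not from any post in this thread: a constructed plain-JavaScript model of why the sender briefly sees the document (`LocalCache`, `matchesPublication` and `runScenario` are hypothetical names, not Meteor APIs). The method stub writes to the sender's own local cache, an unfiltered `find({})` returns it until the server result replaces the stub's writes, and repeating the publication's selector in the client query hides it without relying on `isSimulation`.

```javascript
// Constructed model of a Meteor client's local cache (minimongo); not Meteor's real API.
// Mirrors the selector used by the 'notifications' publication shown on the page.
function matchesPublication(doc, userId) {
  const dismissedBy = doc.dismissedBy || [];
  return doc.toUserIds.includes(userId) && !dismissedBy.includes(userId);
}

class LocalCache {
  constructor() {
    this.docs = new Map(); // _id -> { doc, simulated }
  }
  // Writes made by a method stub (client-side simulation) land here immediately.
  insertFromStub(doc) {
    this.docs.set(doc._id, { doc, simulated: true });
  }
  // Documents delivered by a subscription.
  insertFromServer(doc) {
    this.docs.set(doc._id, { doc, simulated: false });
  }
  // When the method result arrives, stub writes are rolled back and only
  // what the server publishes to this user remains.
  reconcile() {
    for (const [id, entry] of this.docs) {
      if (entry.simulated) this.docs.delete(id);
    }
  }
  find(predicate = () => true) {
    return [...this.docs.values()].map((e) => e.doc).filter(predicate);
  }
}

function runScenario() {
  const sender = 'alice'; // constructed user ids and documents
  const cache = new LocalCache();
  cache.insertFromServer({ _id: 'n1', toUserIds: ['alice'], message: 'for alice' });

  // Alice calls the method; without the isSimulation guard the stub inserts locally.
  cache.insertFromStub({ _id: 'n2', toUserIds: ['bob'], message: 'for bob' });

  const ids = (docs) => docs.map((d) => d._id);
  const unfilteredDuringStub = ids(cache.find());
  const filteredDuringStub = ids(cache.find((d) => matchesPublication(d, sender)));

  cache.reconcile(); // server result arrives
  const unfilteredAfter = ids(cache.find());
  return { unfilteredDuringStub, filteredDuringStub, unfilteredAfter };
}
```

In the page's container this corresponds to passing the same `toUserIds`/`dismissedBy` selector, with `Meteor.userId()`, to `Notification.find` instead of `{}`.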