React 19 useCallback Stale Closures Can Leak Tenant Data in Multi-Tenant Apps

A developer shipping a multi-tenant AI dashboard discovered that React 19's useCallback memoization can cause stale closures that leak one tenant's data into another tenant's API calls. The bug surfaced in production when rapid tenant switches occurred while async AI requests were still in-flight, resulting in Tenant B's Claude API calls inadvertently using Tenant A's system prompts. Although the dependency array correctly lists tenantId, it only guards against stale values at render time and cannot cancel or correct closures already captured during ongoing async operations. The issue is particularly hard to catch because it leaves no TypeScript errors, no failed requests, and no visible staging-environment symptoms. In SaaS applications, this silent timing flaw constitutes a data isolation violation that can affect hundreds of tenant accounts concurrently.
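The race described above, modelled in plain JavaScript without React, as an added example that is not code from the original article. The names `session`, `makeLeakySend`, `makeGuardedSend` and the prompt table are hypothetical, and the model assumes the outgoing request combines a prompt captured by the closure with tenant state read after the await.

```javascript
// Constructed model: `session` stands in for app state, and the function returned
// by makeXSend(...) for the closure that useCallback captured at render time.
const PROMPTS = { A: "Tenant A system prompt", B: "Tenant B system prompt" }; // constructed sample data
const sleep = (ms) => new Promise((resolve) => setTimeout(resolve, ms));

// Leaky: the prompt comes from the render-time closure, but the tenant used for
// routing is read from live state after the await, so the two can disagree.
function makeLeakySend(session, tenantId) {
  const systemPrompt = PROMPTS[tenantId];
  return async (userMsg) => {
    await sleep(20); // async work still in flight (hypothetical: token refresh, context fetch)
    return { tenant: session.currentTenant, systemPrompt, userMsg };
  };
}

// Guarded: every tenant-scoped value is bound to one snapshot, and the snapshot is
// re-checked against live state after the await; a mismatch discards the request.
function makeGuardedSend(session, tenantId) {
  const systemPrompt = PROMPTS[tenantId];
  return async (userMsg) => {
    await sleep(20);
    if (session.currentTenant !== tenantId) return null; // tenant switched mid-flight
    return { tenant: tenantId, systemPrompt, userMsg };
  };
}

// Replays the timing from the summary: start a request as tenant A, switch to B before it resolves.
async function simulateSwitch(makeSend) {
  const session = { currentTenant: "A" };
  const send = makeSend(session, "A"); // closure captured while tenant A is active
  const pending = send("summarise usage");
  session.currentTenant = "B"; // rapid tenant switch while the request is in flight
  return pending;
}

// Isolation check: a request is cross-tenant if its prompt is not the one owned by its tenant.
function isCrossTenant(req) {
  return req !== null && PROMPTS[req.tenant] !== req.systemPrompt;
}

simulateSwitch(makeLeakySend).then((r) => console.log("leaky:", r, "cross-tenant:", isCrossTenant(r)));
simulateSwitch(makeGuardedSend).then((r) => console.log("guarded:", r));
```

The same `isCrossTenant` invariant can be asserted at the API client boundary so a mismatch fails loudly instead of sending.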

Read the full story at DEV Community

This is an AI-generated summary. ShortSingh links to the original source for the complete article.
