My responsibility is to make sure my code meets functional and non-functional requirements. It’s to understand the *behavior*. My automated unit, integration, and load tests confirm that.
Someone thought I was naive when I said my vibe-coded internal web admin site met the security requirements without looking at a line of code.
I knew that because the requirements were that anyone who had access to the site could do anything on the site and the site was secured with Amazon Cognito credentials and the Lambda that served it had a least privileged role attached.
If either of those invariants were broken, Claude has found a major AWS vulnerability.
> My automated unit, integration, and load tests confirm that.
Do they? Did you write them? If not, how do you know they confirm the desired behavior? If your tests are AI generated (and not human reviewed) then even if you're doing spec-driven development and provide a comprehensive spec, how can you be sure the tests actually test the desired behavior?
Now if you're either writing or reviewing the tests, then sure.
Also, for what it's worth, when I talk about my "responsibility" I'm speaking more from a self-imposed sense of... um, almost a moral responsibility I feel, not something involving a 3rd party like a customer or employer.
Did you mean to reply to someone else? This seems awfully defensive for a reply to parent’s comment.
It wouldn't prevent the admin page from exfiltrating data, though, right? Like, POSTing whatever data is loaded on the page to an arbitrary attacker-controlled website.
Thank you for doing your part to keep webapp pentesters in business.
As written, I do think that's naive. Being sure the person/browser is authorized doesn't mean that the signals you get are actions they intended.
Suppose that in normal use a user can visit a certain URL which triggers a dangerous effect. An attacker could trick the user into performing the action by presenting a link to them titled "click here for free stuff."
There are various ways to protect against that (e.g. CORS, not using GET methods) but backend cloud credential management does not give it to you for free.
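
The point in the last comment, as an added example that is not part of the thread or any poster's code: a request-intent check that runs after authentication in a Lambda behind an API Gateway proxy integration. The `ALLOWED_ORIGIN` value, the function names and the sample events are assumptions; the Origin/Referer comparison is a standard CSRF defence the comment does not name, shown next to its "not using GET methods" suggestion.

```python
from urllib.parse import urlsplit

# Assumption: the admin site's own origin (placeholder, not from the thread).
ALLOWED_ORIGIN = "https://admin.example.internal"
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def header(event, name):
    """Case-insensitive header lookup on an API Gateway proxy event."""
    for key, value in (event.get("headers") or {}).items():
        if key.lower() == name:
            return value
    return None


def check_intent(event, state_changing):
    """Return (allowed, reason). Authentication is assumed already done."""
    if not state_changing:
        return True, "read-only"
    if (event.get("httpMethod") or "").upper() in SAFE_METHODS:
        return False, "state change via safe method"
    # Browsers attach Origin to cross-site POSTs; fall back to Referer.
    source = header(event, "origin") or header(event, "referer")
    if not source:
        return False, "no Origin or Referer"
    parts = urlsplit(source)
    if f"{parts.scheme}://{parts.netloc}" != ALLOWED_ORIGIN:
        return False, "cross-site request"
    return True, "same-origin"


# Constructed sample events; all three are assumed to carry a valid session.
LINK_CLICK = {"httpMethod": "GET", "headers": {"Cookie": "session=valid"}}
FORGED_POST = {"httpMethod": "POST",
               "headers": {"Cookie": "session=valid",
                           "Origin": "https://free-stuff.example"}}
REAL_POST = {"httpMethod": "POST",
             "headers": {"cookie": "session=valid",
                         "origin": "https://admin.example.internal"}}

if __name__ == "__main__":
    for name, ev in [("link", LINK_CLICK), ("forged", FORGED_POST),
                     ("real", REAL_POST)]:
        print(name, check_intent(ev, state_changing=True))
```

All three sample requests are equally authenticated; only the method and origin distinguish the one the user actually intended.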