-1👍
I see two issues here.
- The login page should be seperate from the SPA page.
I think downloading any pieces to the client past the login page, before logging in would introduce security flaws, so do not do it.
- The login page should not be the root page.
For the same reason as @sinanspd mentioned, if there must be a login have it not as the root.
Source:stackexchange.com