My doubt is: should routing be handled by Django or should it be handled by Vue in a SPA?

Your FE needs to know the routes if you're going to do SPA, e.g. your FE needs to know how to update the URL if the user clicks on a link/item. Otherwise there would be page refreshes or wrong URLs.

So here I'm not using Vue to handle routes, but I load individual Vue components of the same app in those Django templates where I need them. My doubt: is it a bad practice? Are there reasons for which I should avoid doing so?

I think you need to decide if you're going to build a SPA or not. My rule-of-thumb is SPA is better if you have a lot of interactions on your page or you have a team of specialized people for FE. Having a total separation between BE/FE is definitely industry de-facto standard but rendering most stuff on BE and having a lightweight FE is not a crime either, Stack Overflow itself uses such approach. If you're going with SPA, putting FE URLs in BE also makes not much sense (unless you're doing something like server side rendering). BE will provide a set of API URLs (invisible to end user) and FE will consume them and provide a set of FE URLs that users would see.

Yes, the main problem is that having the apps hosted on two different domains might make me lose a lot of Django benefits in terms of security. I have some doubts on storing a JWT token in local storage, I don't think it's the safest solution; there is session based auth but I don't know how it would work on two different domains. Another thing is the lack of examples on this, and finally the biggest problem is that I already set up the app on this environment, so moving to decoupled would be quite a pivot.

There are multiple answers for your concern.

1- There's no need to have a separate domain. You can prefix all your BE URLs with /api/, then on production you can use a reverse-proxy like NGINX or Traefik or your load balancer. Having separate domains is easier to maintain in the long run but you'll need to handle cookie/CORS issues now and then.

2- If you have separated domains you can set cookies on the main domain from a subdomain with these settings.

3- There's no need to go with a JWT token in localStorage. IMO it's inferior to having httponly cookies. Django session auth has httponly turned on by default. This way random npm libraries you installed or 3rd party scripts on your page have no way to access and steal the token.

4- On a separate note, Django CSRF protection is kinda obsolete now that we have the samesite cookie on browsers. Newer versions of Django default to Lax, which protects you from CSRF on supported browsers. So you can turn that protection off to have one less headache.

I personally think you can stick to Django session based auth, no need to add anything to your FE. FE will just call /api/auth/login and proper cookies will be set automatically. To be more robust you can add an API like /api/auth/me that returns current logged in user data to FE. FE will call that when the user visits your website for the first time to understand if the user is logged in or not.

settings.py fragment:

    import os

    # Build paths inside the project like this: os.path.join(BASE_DIR, ...)
    BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))

    # Quick-start development settings - unsuitable for production

    # SECURITY WARNING: keep the secret key used in production secret!

    # SECURITY WARNING: don't run with debug turned on in production!

    VUE_FRONTEND_DIR = os.path.join(BASE_DIR, 'vue_frontend')

webpack configuration fragment:

    const BundleTracker = require("webpack-bundle-tracker")
    const BundleAnalyzerPlugin = require("webpack-bundle-analyzer").BundleAnalyzerPlugin

Push-subscription client script fragment:

    var metaObj, applicationServerKey, options;
    metaObj = document.querySelector('meta');
    options.applicationServerKey = urlB64ToUint8Array(applicationServerKey);
    // Check the information is saved successfully into server
    postSubscribeObj('subscribe', subscription, 
    subBtn.textContent = 'Eliminar suscripción';
    console.log('Subscription error.', arguments);
    showMessage('La suscripción se ha eliminado correctamente');
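Points 3 and 4 of the answer above rest on cookie attributes (HttpOnly, SameSite, Secure) that can be verified directly from a login response's Set-Cookie headers. The following is an added example, not code from the thread; the values in SAMPLE_HEADERS are constructed to resemble Django's session and CSRF cookies plus a hand-rolled token cookie.

```python
"""Audit the Set-Cookie headers of a login response for the attributes that
make cookie sessions safer than a JWT in localStorage (added example, not code
from the thread; SAMPLE_HEADERS are constructed values)."""
from typing import Dict, List, NamedTuple


class CookieReport(NamedTuple):
    name: str
    httponly: bool
    secure: bool
    samesite: str        # 'Lax', 'Strict', 'None', or '' when absent
    problems: List[str]


def audit_set_cookie(header: str) -> CookieReport:
    """Parse one Set-Cookie header value and flag weak or missing attributes."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()
    httponly = "httponly" in attrs          # scripts (and XSS) cannot read it
    secure = "secure" in attrs              # never sent over plain HTTP
    samesite = attrs.get("samesite", "").capitalize()
    problems = []
    if not httponly:
        problems.append("missing HttpOnly: any script on the page can read it")
    if not secure:
        problems.append("missing Secure: sent over plain HTTP")
    if not samesite:
        problems.append("missing SameSite: browser default decides")
    elif samesite == "None":
        problems.append("SameSite=None: sent on cross-site requests, CSRF protection required")
    return CookieReport(name, httponly, secure, samesite, problems)


def audit_response(headers: List[str]) -> Dict[str, List[str]]:
    """Audit every Set-Cookie header; returns cookie name -> list of problems."""
    return {r.name: r.problems for r in map(audit_set_cookie, headers)}


# Constructed sample: Django session and CSRF cookies served over HTTPS with the
# *_COOKIE_SECURE settings enabled, plus a hand-rolled token cookie. csrftoken is
# readable by design (CSRF_COOKIE_HTTPONLY defaults to False so the FE can copy
# it into the X-CSRFToken header), so its HttpOnly finding is expected.
SAMPLE_HEADERS = [
    "sessionid=abc123; expires=Mon, 01 Jan 2029 00:00:00 GMT; HttpOnly; Max-Age=1209600; Path=/; SameSite=Lax; Secure",
    "csrftoken=xyz789; Max-Age=31449600; Path=/; SameSite=Lax; Secure",
    "auth_token=eyJhbGciOiJIUzI1NiJ9.constructed; Path=/",
]
```

audit_response(SAMPLE_HEADERS) returns an empty problem list for sessionid and flags the hand-rolled auth_token cookie on all three attributes; SameSite=Lax still lets top-level GET navigations carry the cookie, so state-changing endpoints must not be reachable via GET if CSRF middleware is switched off.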