by mrvenkman on 1/6/23, 8:41 PM with 39 comments
Oh, and security!
Thoughts?
by deafpolygon on 1/7/23, 4:48 AM
CSR solves a different set of problems. One common problem is that front-end developers don't always have access to the back-end, nor do they always have the skills to deal with back-end. Sometimes it's just quicker to have back-end provide the data (i.e. an endpoint), and have the front-end deal with it.
I think, since before CSR became the popular trend, that front-end development had fragmented and proliferated so much that it has become fairly complicated. Front-end development used to be just a web "designer" would design it and make the page look pretty. Toss in some JS for interactivity + animation. Once they're done, hand it off to the web "developer" for hosting and integration into the web server. Now it has grown into this monstrosity where we can have the designer, UI/UX person, front-end API, etc. With the client doing all the rendering, web pages have started to slow down. At some point, folks are like, "Wait a minute! What about SSR? We can solve so much of our performance and security issues that way!"
Trends are often cyclical, with the previous trend being replaced by old trends making fresh rounds. I suspect we will see old ideas with fresh eyes, and a new way to reason about things.
by speedgoose on 1/6/23, 9:40 PM
I think that you do need interactivity through JavaScript at some point. And I find react and similar easier to maintain than an HTML/JS soup generated by PHP, JSP, or RoR.
I would take a look at https://fresh.deno.dev/ or https://kit.svelte.dev/ or https://nextjs.org/
by caprock on 1/6/23, 9:27 PM
Here are the essays:
by sergiotapia on 1/6/23, 10:16 PM
Can you tell it's server side rendered? https://www.gamedrop.gg/lists/slymilano/exciting-game-releas...
https://www.gamedrop.gg/game/hogwarts-legacy
I think there are similar tools in other platforms like Rail's and Laravel.
by endisneigh on 1/6/23, 10:59 PM
by comrad on 1/6/23, 10:36 PM
by thinkmcfly on 1/6/23, 10:44 PM
by sph on 1/7/23, 12:22 PM
For everything else, meaning 99% of the projects you will ever be paid to work on, server-side framework with just a little sprinkle of JS where needed is enough and 10x more productive.
by andrewfromx on 1/6/23, 8:47 PM
by smackeyacky on 1/6/23, 10:41 PM
by belmont_sup on 1/7/23, 4:11 AM
Apps that need react and other similar frameworks are like excalidraw, linear, figma, etc. think most crud apps are fine.
However, react is still a great programming tool for me. I like the abstractions available with remix, next, qwik, and all that. I can still have a backend api team, and a separate web team that uses remix to consume the api. Simple models.
by andrewf on 1/7/23, 1:04 AM
I'd be wary of taking asynchronous actions and making them synchronous. For instance, if you had a list of items each with a delete icon next to it, you don't want to turn deleting three items from click-click-click into click-wait-click-wait-click.
Chrome Dev Tools can simulate added latency as well as restricted bandwidth, so you can plug intercontinental latencies in and see how much a particular site is affected.
Some things will be fine. I'm posting this on HN from Western Australia, no problems.
by timthelion on 1/7/23, 8:02 AM
I believe that minimalist, well audited REST or Websocket protocols are FAR more secure than server side rendering. How can you audit the entirety of your UI for security flaws? How can you analyze data leakage formally over such a large surface area? You cannot. But you can analyze 10 REST endpoints passing JSON. You can analyze RPC over websockets. Often times such specifications can fit on 4 sheets of printer paper. Take it on the train with you. Print out a copy and look for security flaws while you're on the toilet. You can't do that with server-side rendering.
I guess if there is not much data-flow both ways, then server-side rendering could be much more secure. For example, if you have a page live rendering stock charts on a news site. One that is complex but doesn't allow for much configuration. Server side rendering would be more secure. However, if you are creating something like a CRDT based shared spreadsheet that supports formulas, server-side rendering could basically mean that you are giving untrusted clients the ability to run Turing complete code on your server ;) . You'll be far better off having as much as possible on the client and as small and simple a protocol as you can manage between the front end and the back end.
Basically, security wize:
- If drawing the page requires a huge number of data points to create a visualization that the client cannot interact with much, then server side rendering reduces the attack surface (you're just sending display information).
- If the page allows for a lot of user control over the data, you increase your attack surface by processing more untrusted information server side.
by Alifatisk on 1/7/23, 12:39 AM
Have a look at stimulusreflex for example [1], the state is handled on the backend leading to you shipping less bloat to the client!
1. https://docs.stimulusreflex.com/#faster-uis-smaller-download...
by WhiteBlueSkies on 1/7/23, 1:05 AM
by v3ss0n on 1/6/23, 9:23 PM
by connormcd on 1/7/23, 5:23 AM
Its been doing server side rendering for 20 years. If you got vaxxed in the USA, there's a good chance you used APEX to book your appointment.