DEV Community: Ashley Connor The latest articles on DEV Community by Ashley Connor (@ashleyconnor). https://dev.to/ashleyconnor https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F377159%2F101ab129-96dc-46ab-b9ec-7d24d2bb87eb.jpeg DEV Community: Ashley Connor https://dev.to/ashleyconnor en Why the Python Standard Library Needs a run_sync() Ashley Connor Thu, 24 Apr 2025 19:53:29 +0000 https://dev.to/ashleyconnor/why-the-python-standard-library-needs-a-runsync-g3c https://dev.to/ashleyconnor/why-the-python-standard-library-needs-a-runsync-g3c <p>I recently updated a small script I wrote to automate file uploads to a website with no API. It uses the excellent <a href="https://playwright.dev/" rel="noopener noreferrer">Playwright</a> project to drive a browser - making the tedious task of filling out forms painless.</p> <p>But there was one big annoyance: authentication.</p> <p>The upload forms sit behind a login screen that requires a username, password, and TOTP token. To get around this, I initially used <a href="https://playwright.dev/python/docs/api/class-browsertype#browser-type-launch-persistent-context" rel="noopener noreferrer">Playwright's <code>launch_persistent_context</code></a> so that cookies could persist across sessions. This worked fine, but I still had to log in every 7 days when the session expired.</p> <p>I wanted to fix that.</p> <h2> Enter 1Password </h2> <p>The credentials to this website are stored in my personal 1Password Vault. 1Password also has a <a href="https://github.com/1Password/onepassword-sdk-python" rel="noopener noreferrer">Python SDK</a>. Perfect, right?</p> <p>Well...</p> <p>For reasons I still don’t fully understand, 1Password provides <strong>only</strong> an <strong>async</strong> Python SDK—no synchronous methods at all.</p> <p>Naively, I installed the SDK and started calling it from my existing (synchronous) Playwright code.</p> <p>Now the script could fetch credentials including the TOTP from 1Password. That meant I no longer needed persistent context or manual logins. But then I hit this error:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Error: It looks like you are using Playwright Sync API inside the asyncio loop. Please use the Async API instead. </code></pre> </div> <p>Playwright smartly offers both sync and async APIs. So I switched to using <code>async_playwright</code> and then tediously sprinkled <code>async</code>/<code>await</code> throughout my code.</p> <p>That fixed the issue. The script now worked.</p> <h2> Wait...But why? </h2> <p>Before committing these changes, I paused. Had I just rewritten a bunch of working code to accommodate one library's decision?</p> <p>Was there no way to bridge async and sync without a full rewrite?</p> <p>It turns out there is:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">run_sync</span><span class="p">(</span><span class="n">coro</span><span class="p">):</span> <span class="k">try</span><span class="p">:</span> <span class="n">asyncio</span><span class="p">.</span><span class="nf">get_running_loop</span><span class="p">()</span> <span class="k">except</span> <span class="nb">RuntimeError</span><span class="p">:</span> <span class="c1"># No running loop </span> <span class="k">return</span> <span class="n">asyncio</span><span class="p">.</span><span class="nf">run</span><span class="p">(</span><span class="n">coro</span><span class="p">)</span> <span class="k">else</span><span class="p">:</span> <span class="c1"># Already in an event loop (e.g. Jupyter, FastAPI, etc.) </span> <span class="c1"># Run the coroutine in a new thread </span> <span class="n">result_container</span> <span class="o">=</span> <span class="p">{}</span> <span class="k">def</span> <span class="nf">runner</span><span class="p">():</span> <span class="n">result</span> <span class="o">=</span> <span class="n">asyncio</span><span class="p">.</span><span class="nf">run</span><span class="p">(</span><span class="n">coro</span><span class="p">)</span> <span class="n">result_container</span><span class="p">[</span><span class="sh">"</span><span class="s">result</span><span class="sh">"</span><span class="p">]</span> <span class="o">=</span> <span class="n">result</span> <span class="n">thread</span> <span class="o">=</span> <span class="n">threading</span><span class="p">.</span><span class="nc">Thread</span><span class="p">(</span><span class="n">target</span><span class="o">=</span><span class="n">runner</span><span class="p">)</span> <span class="n">thread</span><span class="p">.</span><span class="nf">start</span><span class="p">()</span> <span class="n">thread</span><span class="p">.</span><span class="nf">join</span><span class="p">()</span> <span class="k">return</span> <span class="n">result_container</span><span class="p">[</span><span class="sh">"</span><span class="s">result</span><span class="sh">"</span><span class="p">]</span> </code></pre> </div> <p>This gnarly snippet lets you run an <code>async</code> function and retrieve its result in synchronous code.</p> <p>How it works:</p> <ol> <li>Attempt to fetch the <a href="https://docs.python.org/3/library/asyncio-eventloop.html#asyncio.get_running_loop" rel="noopener noreferrer">running async loop</a> <ol> <li>If a loop is available we create a container for our async functions result</li> <li>Create an inner function <code>runner</code> to execute our async function and push the result into the container</li> <li>Create a thread to execute our <code>runner</code> function</li> <li> <a href="https://docs.python.org/3/library/threading.html#threading.Thread.start" rel="noopener noreferrer">Start</a> the thread</li> <li> <a href="https://docs.python.org/3/library/threading.html#threading.Thread.join" rel="noopener noreferrer">Join</a> the thread (this blocks our current thread until the <code>thread</code> is finished)</li> <li>Return the result</li> </ol> </li> <li>If a <code>RuntimeError</code> is raised, no loop is running, we catch the exception and return a call to <a href="https://docs.python.org/3/library/asyncio-runner.html#asyncio.run" rel="noopener noreferrer"><code>run</code></a> which takes care of executing our async function for us</li> </ol> <p>Now I could move all my 1Password interactions to a dedicated async function:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">async</span> <span class="k">def</span> <span class="nf">get_onepassword_creds</span><span class="p">():</span> <span class="c1"># ... </span> <span class="k">pass</span> <span class="k">with</span> <span class="nf">sync_playwright</span><span class="p">()</span> <span class="k">as</span> <span class="n">p</span><span class="p">:</span> <span class="c1"># ... </span> <span class="n">credentials</span> <span class="o">=</span> <span class="nf">run_sync</span><span class="p">(</span><span class="nf">get_onepassword_creds</span><span class="p">())</span> </code></pre> </div> <p>No more full async rewrite.</p> <h2> Why Isn’t This Built-In? </h2> <p>I was happy with this result - but it begs the question. Why is all of this required? Surely this is a common enough problem that a standard library solution is warranted?</p> <p>Well...</p> <blockquote> <p>I am unenthusiastic about providing this functionality in the stdlib. This is really not something that a well-behaved async application should do, and having the API would legitimize an idiom that is likely to come back and stab you in the back when you least need it. You would be better off refactoring your application so you don’t need this ugly hack. (Of course, I understand that realistically that’s not always possible, but if your specific app’s transition to an async world requires this hack, well, it’s only 7 lines of code.)</p> <p><em>Guido van Rossum</em></p> </blockquote> <p><a href="https://discuss.python.org/t/calling-coroutines-from-sync-code-2/24093/2" rel="noopener noreferrer">Source</a></p> <p>That thread includes a simpler (but less robust) example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">call</span><span class="p">(</span><span class="n">coro</span><span class="p">):</span> <span class="k">try</span><span class="p">:</span> <span class="n">loop</span> <span class="o">=</span> <span class="n">asyncio</span><span class="p">.</span><span class="nf">get_running_loop</span><span class="p">()</span> <span class="k">except</span> <span class="nb">RuntimeError</span><span class="p">:</span> <span class="k">return</span> <span class="n">asyncio</span><span class="p">.</span><span class="nf">run</span><span class="p">(</span><span class="n">coro</span><span class="p">)</span> <span class="k">else</span><span class="p">:</span> <span class="k">return</span> <span class="n">loop</span><span class="p">.</span><span class="nf">run_until_complete</span><span class="p">(</span><span class="n">coro</span><span class="p">)</span> </code></pre> </div> <p>But this fails if the current loop is already running—like in Jupyter, FastAPI, or some test environments.</p> <h2> The Mess We’re In </h2> <p>So there you have it.</p> <p>Want to call async code from sync Python? Just copy-paste these <del>7</del> 15 lines into every project.</p> <p>It’s not ideal. And it's brittle: <code>get_running_loop()</code> wasn’t even available before Python 3.7.</p> <p>There are other real-world use cases too - like debugging with <code>pdb</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code># fail (Pdb) await my_async_func() *** SyntaxError: 'await' outside function # works (Pdb) result = run_sync(my_async_func()) (Pdb) print(result) </code></pre> </div> <p>A poor developer experience.</p> <h2> Conclusion </h2> <p>As more libraries adopt async-only interfaces and as more developers try to mix async and sync code, this problem will only get worse.</p> <p>Python needs a standard library solution for this. It’s time the core team reconsiders their position.</p> python programming discuss Authenticated Server Rendered pages with SvelteKit and Supabase Ashley Connor Thu, 24 Jun 2021 20:27:13 +0000 https://dev.to/ashleyconnor/authenticated-server-rendered-pages-with-sveltekit-and-supabase-pif https://dev.to/ashleyconnor/authenticated-server-rendered-pages-with-sveltekit-and-supabase-pif <p>If your <a href="https://kit.svelte.dev" rel="noopener noreferrer">SvelteKit</a> web application has an authenticated page that contains private data from <a href="https://supabase.io" rel="noopener noreferrer">Supabase</a> and you want to provide your users with a server rendered page, you'll need a way to make authenticated calls from your <a href="https://kit.svelte.dev/docs#routing-endpoints" rel="noopener noreferrer">SvelteKit endpoints</a>.</p> <p>In this post I'll explain how you can pass your Supabase <a href="https://jwt.io" rel="noopener noreferrer">JWT</a> to your SvelteKit endpoint and store it as a cookie.</p> <p>This cookie can then be used to make authenticated calls to Supabase on a users behalf which allows you to generate authenticated server rendered pages.</p> <h2> Why </h2> <p>Server Side Rendering provides a better user experience as it provides the browser with a an immediate response that can be rendered without waiting on Javascript requests.</p> <p>A user may have Javascript disabled on their browser and SSR will provide a somewhat usable experience.</p> <p>I personally dislike the "flicker" that is common to web applications that depend on data retrieved after the page has first loaded.</p> <h2> How </h2> <p>In order to make authenticated calls to Supabase within our SvelteKit endpoints we need to send the JWT to the server and respond with a cookie.</p> <p>We can do this in our <code>auth.onAuthStateChange()</code> callback:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// src/routes/__layout.svelte</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">session</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">$app/stores</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">supabase</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">$lib/supabaseClient</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">setAuthCookie</span><span class="p">,</span> <span class="nx">unsetAuthCookie</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">$lib/utils/session</span><span class="dl">'</span><span class="p">;</span> <span class="c1">// this should run on every page so I put this code in my `__layout.svelte` file</span> <span class="nx">supabase</span><span class="p">.</span><span class="nx">auth</span><span class="p">.</span><span class="nf">onAuthStateChange</span><span class="p">(</span><span class="k">async </span><span class="p">(</span><span class="nx">event</span><span class="p">,</span> <span class="nx">_session</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">event</span> <span class="o">!==</span> <span class="dl">'</span><span class="s1">SIGNED_OUT</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="nx">session</span><span class="p">.</span><span class="nf">set</span><span class="p">({</span> <span class="na">user</span><span class="p">:</span> <span class="nx">_session</span><span class="p">.</span><span class="nx">user</span> <span class="p">});</span> <span class="k">await</span> <span class="nf">setAuthCookie</span><span class="p">(</span><span class="nx">_session</span><span class="p">);</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="nx">session</span><span class="p">.</span><span class="nf">set</span><span class="p">({</span> <span class="na">user</span><span class="p">:</span> <span class="p">{</span> <span class="na">guest</span><span class="p">:</span> <span class="kc">true</span> <span class="p">}</span> <span class="p">});</span> <span class="k">await</span> <span class="nf">unsetAuthCookie</span><span class="p">();</span> <span class="p">}</span> <span class="p">});</span> </code></pre> </div> <p>The <code>setAuthCookie</code> makes a request to an endpoint with the JWT and responds with a cookie and <code>unsetAuthCookie</code> unsets the same cookie:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// src/lib/utils/session.js</span> <span class="k">export</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">setServerSession</span><span class="p">(</span><span class="nx">event</span><span class="p">,</span> <span class="nx">session</span><span class="p">)</span> <span class="p">{</span> <span class="k">await</span> <span class="nf">fetch</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/auth.json</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">method</span><span class="p">:</span> <span class="dl">'</span><span class="s1">POST</span><span class="dl">'</span><span class="p">,</span> <span class="na">headers</span><span class="p">:</span> <span class="k">new</span> <span class="nc">Headers</span><span class="p">({</span> <span class="dl">'</span><span class="s1">Content-Type</span><span class="dl">'</span><span class="p">:</span> <span class="dl">'</span><span class="s1">application/json</span><span class="dl">'</span> <span class="p">}),</span> <span class="na">credentials</span><span class="p">:</span> <span class="dl">'</span><span class="s1">same-origin</span><span class="dl">'</span><span class="p">,</span> <span class="na">body</span><span class="p">:</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">({</span> <span class="nx">event</span><span class="p">,</span> <span class="nx">session</span> <span class="p">})</span> <span class="p">});</span> <span class="p">}</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">setAuthCookie</span> <span class="o">=</span> <span class="k">async </span><span class="p">(</span><span class="nx">session</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="k">await</span> <span class="nf">setServerSession</span><span class="p">(</span><span class="dl">'</span><span class="s1">SIGNED_IN</span><span class="dl">'</span><span class="p">,</span> <span class="nx">session</span><span class="p">);</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">unsetAuthCookie</span> <span class="o">=</span> <span class="k">async </span><span class="p">()</span> <span class="o">=&gt;</span> <span class="k">await</span> <span class="nf">setServerSession</span><span class="p">(</span><span class="dl">'</span><span class="s1">SIGNED_OUT</span><span class="dl">'</span><span class="p">,</span> <span class="kc">null</span><span class="p">);</span> </code></pre> </div> <p>It's important to include the event as the <code>supabase-js</code> library expects it.</p> <p>Our endpoint to set the cookie looks like so:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// src/routes/api/auth.json.js</span> <span class="k">export</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">post</span><span class="p">(</span><span class="nx">req</span> <span class="cm">/*, res: Response (read the notes below) */</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// Unlike, Next.js API handlers you don't get the response object in a SvelteKit endpoint. As a result, you cannot invoke the below method to set cookies on the responses.</span> <span class="c1">// await supabaseClient.auth.api.setAuthCookie(req, res);</span> <span class="c1">// `supabaseClient.auth.api.setAuthCookie(req, res)` is dependent on both the request and the responses</span> <span class="c1">// `req` used to perform few validations before setting the cookies</span> <span class="c1">// `res` is used for setting the cookies</span> <span class="k">return</span> <span class="p">{</span> <span class="na">status</span><span class="p">:</span> <span class="mi">200</span><span class="p">,</span> <span class="na">body</span><span class="p">:</span> <span class="kc">null</span> <span class="p">};</span> <span class="p">}</span> </code></pre> </div> <p>You're probably thinking - "Where is the cookie set?" - that has to be done in our SvelteKit <a href="https://kit.svelte.dev/docs#hooks" rel="noopener noreferrer"><code>hook</code></a> because we don't have access to the response object to pass to the <code>supabase.auth.setAuthCookie</code> function.</p> <p>So our <code>hooks.js</code> file looks like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// src/hooks.js</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">handle</span> <span class="o">=</span> <span class="k">async </span><span class="p">({</span> <span class="nx">request</span><span class="p">,</span> <span class="nx">resolve</span> <span class="p">})</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// Parses `req.headers.cookie` adding them as attribute `req.cookies, as `auth.api.getUserByCookie` expects parsed cookies on attribute `req.cookies`</span> <span class="kd">const</span> <span class="nx">expressStyleRequest</span> <span class="o">=</span> <span class="nf">toExpressRequest</span><span class="p">(</span><span class="nx">request</span><span class="p">);</span> <span class="c1">// We can then fetch the authenticated user using this cookie</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">user</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">auth</span><span class="p">.</span><span class="nx">api</span><span class="p">.</span><span class="nf">getUserByCookie</span><span class="p">(</span><span class="nx">expressStyleRequest</span><span class="p">);</span> <span class="c1">// Add the user and the token to our locals so they are available on all SSR pages</span> <span class="nx">request</span><span class="p">.</span><span class="nx">locals</span><span class="p">.</span><span class="nx">token</span> <span class="o">=</span> <span class="nx">expressStyleRequest</span><span class="p">.</span><span class="nx">cookies</span><span class="p">[</span><span class="dl">'</span><span class="s1">sb:token</span><span class="dl">'</span><span class="p">]</span> <span class="o">||</span> <span class="kc">undefined</span><span class="p">;</span> <span class="nx">request</span><span class="p">.</span><span class="nx">locals</span><span class="p">.</span><span class="nx">user</span> <span class="o">=</span> <span class="nx">user</span> <span class="o">||</span> <span class="p">{</span> <span class="na">guest</span><span class="p">:</span> <span class="kc">true</span> <span class="p">};</span> <span class="c1">// If we have a token, set the supabase client to use it so we can make authorized requests as that user</span> <span class="k">if </span><span class="p">(</span><span class="nx">request</span><span class="p">.</span><span class="nx">locals</span><span class="p">.</span><span class="nx">token</span><span class="p">)</span> <span class="p">{</span> <span class="nx">supabase</span><span class="p">.</span><span class="nx">auth</span><span class="p">.</span><span class="nf">setAuth</span><span class="p">(</span><span class="nx">request</span><span class="p">.</span><span class="nx">locals</span><span class="p">.</span><span class="nx">token</span><span class="p">);</span> <span class="p">}</span> <span class="kd">let</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">resolve</span><span class="p">(</span><span class="nx">request</span><span class="p">);</span> <span class="c1">// if auth request - set cookie in response headers</span> <span class="k">if </span><span class="p">(</span><span class="nx">request</span><span class="p">.</span><span class="nx">method</span> <span class="o">==</span> <span class="dl">'</span><span class="s1">POST</span><span class="dl">'</span> <span class="o">&amp;&amp;</span> <span class="nx">request</span><span class="p">.</span><span class="nx">path</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">/api/auth.json</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="nx">auth</span><span class="p">.</span><span class="nx">api</span><span class="p">.</span><span class="nf">setAuthCookie</span><span class="p">(</span><span class="nx">request</span><span class="p">,</span> <span class="nf">toExpressResponse</span><span class="p">(</span><span class="nx">response</span><span class="p">));</span> <span class="nx">response</span> <span class="o">=</span> <span class="nf">toSvelteKitResponse</span><span class="p">(</span><span class="nx">response</span><span class="p">);</span> <span class="p">}</span> <span class="k">return</span> <span class="nx">response</span><span class="p">;</span> <span class="p">};</span> </code></pre> </div> <p>Our helper functions <code>toExpressRequest</code>, <code>toExpressResponse</code>, <code>toSvelteKitResponse</code> look like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// src/lib/utils/expressify.js</span> <span class="k">import</span> <span class="o">*</span> <span class="k">as</span> <span class="nx">cookie</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">cookie</span><span class="dl">'</span><span class="p">;</span> <span class="cm">/** * Converts a SvelteKit request to a Express compatible request. * Supabase expects the cookies to be parsed. * @param {SvelteKit.Request} req * @returns Express.Request */</span> <span class="k">export</span> <span class="kd">function</span> <span class="nf">toExpressRequest</span><span class="p">(</span><span class="nx">req</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="p">{</span> <span class="p">...</span><span class="nx">req</span><span class="p">,</span> <span class="na">cookies</span><span class="p">:</span> <span class="nx">cookie</span><span class="p">.</span><span class="nf">parse</span><span class="p">(</span><span class="nx">req</span><span class="p">.</span><span class="nx">headers</span><span class="p">.</span><span class="nx">cookie</span> <span class="o">||</span> <span class="dl">''</span><span class="p">)</span> <span class="p">};</span> <span class="p">}</span> <span class="cm">/** * Converts a SvelteKit response into an Express compatible response. * @param {SvelteKit.Response} resp * @returns Express.Response */</span> <span class="k">export</span> <span class="kd">function</span> <span class="nf">toExpressResponse</span><span class="p">(</span><span class="nx">resp</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="p">{</span> <span class="p">...</span><span class="nx">resp</span><span class="p">,</span> <span class="na">getHeader</span><span class="p">:</span> <span class="p">(</span><span class="nx">header</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nx">resp</span><span class="p">.</span><span class="nx">headers</span><span class="p">[</span><span class="nx">header</span><span class="p">.</span><span class="nf">toLowerCase</span><span class="p">()],</span> <span class="na">setHeader</span><span class="p">:</span> <span class="p">(</span><span class="nx">header</span><span class="p">,</span> <span class="nx">value</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">(</span><span class="nx">resp</span><span class="p">.</span><span class="nx">headers</span><span class="p">[</span><span class="nx">header</span><span class="p">.</span><span class="nf">toLowerCase</span><span class="p">()]</span> <span class="o">=</span> <span class="nx">value</span><span class="p">),</span> <span class="na">status</span><span class="p">:</span> <span class="p">(</span><span class="nx">_</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">({</span> <span class="na">json</span><span class="p">:</span> <span class="p">(</span><span class="nx">_</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{}</span> <span class="p">})</span> <span class="p">};</span> <span class="p">}</span> <span class="cm">/** * Converts an Express style response to a SvelteKit compatible response * @param {Express.Response} resp * @returns SvelteKit.Response */</span> <span class="k">export</span> <span class="kd">function</span> <span class="nf">toSvelteKitResponse</span><span class="p">(</span><span class="nx">resp</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">getHeader</span><span class="p">,</span> <span class="nx">setHeader</span><span class="p">,</span> <span class="p">...</span><span class="nx">returnAbleResp</span> <span class="p">}</span> <span class="o">=</span> <span class="nx">resp</span><span class="p">;</span> <span class="k">return</span> <span class="nx">returnAbleResp</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <h2> Issues </h2> <p>This works but it isn't ideal for the following reasons:</p> <ol> <li>Supabase stores the refresh token in <code>localstorage</code> which makes it vulnerable to <a href="https://owasp.org/www-community/attacks/xss/" rel="noopener noreferrer">XSS</a>. This is done so the <code>supabase-js</code> client library can refresh the token on the users behalf.</li> <li>There's no refresh mechanism on a SSR request.</li> <li>It doesn't follow the best practices for <a href="https://hasura.io/blog/best-practices-of-using-jwt-with-graphql/" rel="noopener noreferrer">JWTs on frontend clients</a>.</li> </ol> <h2> Potential improvements </h2> <p>Any improvement will likely make Supbase Auth more difficult to use, so what I'm proposing would be opt-in for users that want to improve their auth security.</p> <ol> <li>Allow configuration of the refresh endpoint so we can proxy the request to Supabase ourselves. This would allow us to set a refresh token in a cookie and remove it from localstorage. There would need to be some extra security work in order to make sure a client wasn't sending the request directly to a Supabase auth endpoint.</li> <li>Expose a function to generate the cookie using just the token. This would save us having to generate Express-style request/response objects just to get the cookie.</li> </ol> <h2> Code </h2> <p>All of the code above and more is available in my repository <a href="https://github.com/ashleyconnor/sveltekit-supabase-demo" rel="noopener noreferrer">sveltekit-supabase-demo</a>. If you have any suggestions or feedback feel free to open an issue or PR.</p> <h2> Thanks </h2> <p>A huge thanks to <a href="https://github.com/one-aalam" rel="noopener noreferrer">Aftab Alam</a> for providing a <a href="https://github.com/one-aalam/svelte-starter-kit/tree/auth-supabase" rel="noopener noreferrer">SvelteKit template</a> that was a source for much of the code above.</p> svelte sveltekit supabase jwt Deploying SvelteKit using Cloudflare Workers Ashley Connor Mon, 21 Jun 2021 00:20:44 +0000 https://dev.to/ashleyconnor/deploying-sveltekit-using-cloudflare-workers-16ni https://dev.to/ashleyconnor/deploying-sveltekit-using-cloudflare-workers-16ni <h2> Introduction </h2> <p>Recently I've been using SvelteKit as the frontend for a project I've been working on and after some local development I wanted to get it up and<br> running on the cloud.</p> <p>I chose <a href="https://workers.cloudflare.com/" rel="noopener noreferrer">Cloudflare Workers</a> as I already have an account with them (this blog is hosted on <a href="https://pages.cloudflare.com/" rel="noopener noreferrer">Cloudflare Pages</a>) however, the documentation on using the <a href="https://github.com/sveltejs/kit/tree/master/packages/adapter-cloudflare-workers" rel="noopener noreferrer">adapter-cloudflare-workers</a> is pretty sparse so I'll cover how I got it deployed here.</p> <h2> SvelteKit adapter configuration </h2> <p>If you don't have an existing SvelteKit project you can follow allowing by generating the demo project:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>npm init svelte@next my-cloudflare-workers-demo ? Which Svelte app template? › - Use arrow-keys. Return to submit. ❯ SvelteKit demo app <span class="c"># select this</span> Skeleton project ✔ Use TypeScript? … No / Yes ✔ Add ESLint <span class="k">for </span>code linting? … No / Yes ✔ Add Prettier <span class="k">for </span>code formatting? … No / Yes ✔ Copied project files <span class="nv">$ </span><span class="nb">cd </span>my-cloudflare-workers-demo <span class="nv">$ </span>npm <span class="nb">install</span> </code></pre> </div> <p>Once you're at the root of your project we can install the adapter:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>npm i @sveltejs/adapter-cloudflare-workers@next </code></pre> </div> <p>Next, let's configure the adapter in our <code>svelte.config.js</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// first import the adapter</span> <span class="k">import</span> <span class="nx">adapter</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@sveltejs/adapter-cloudflare-workers</span><span class="dl">'</span><span class="p">;</span> <span class="c1">// then in the config object, add an adapter key under kit, and call the imported library</span> <span class="kd">const</span> <span class="nx">config</span> <span class="o">=</span> <span class="p">{</span> <span class="na">kit</span><span class="p">:</span> <span class="p">{</span> <span class="c1">// hydrate the &lt;div id="svelte"&gt; element in src/app.html</span> <span class="na">target</span><span class="p">:</span> <span class="dl">'</span><span class="s1">#svelte</span><span class="dl">'</span><span class="p">,</span> <span class="na">adapter</span><span class="p">:</span> <span class="nf">adapter</span><span class="p">()</span> <span class="p">}</span> <span class="p">};</span> <span class="p">...</span> </code></pre> </div> <p>That's all that's required from SvelteKit. Now onto the Cloudflare Workers configuration.</p> <h2> Wrangler </h2> <h3> Configuration </h3> <p>To deploy to Cloudflare we will install the <a href="https://developers.cloudflare.com/workers/cli-wrangler/install-update" rel="noopener noreferrer">Wrangler CLI</a> tool and generating an empty configuration:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>npm i @cloudflare/wrangler <span class="nt">-g</span> <span class="nv">$ </span>wrangler init <span class="nt">--site</span> my-cloudflare-workers-demo 🕵️ You can find your zone_id <span class="k">in </span>the right sidebar of a zone<span class="s1">'s overview tab at https://dash.cloudflare.com 🕵️ You can find your account_id in the right sidebar of your account'</span>s Workers page 🕵️ You will need to update the following fields <span class="k">in </span>the created wrangler.toml file before continuing: - account_id ✨ Successfully scaffolded workers site ✨ Successfully created a <span class="sb">`</span>wrangler.toml<span class="sb">`</span> </code></pre> </div> <p>Now let's follow the instructions given and login to our <a href="https://dash.cloudflare.com" rel="noopener noreferrer">Cloudflare</a> dashboard to find our <code>account_id</code>.</p> <p>Login and then click on the "Workers" menu item on the right-hand side of the page:</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fff8qdpaczsuoauluf129.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fff8qdpaczsuoauluf129.png" alt="Cloudflare Workers menu item" width="742" height="380"></a></p> <p>Copy your Account ID from the sidebar:</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fsh6aczit734ld1oelqnw.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fsh6aczit734ld1oelqnw.png" alt="Account ID" width="589" height="184"></a></p> <p>Optionally if you have a domain setup with Cloudflare that you wish to use with your Cloudflare Workers, grab the <code>zone_id</code> from your domain's dashboard.</p> <p>Now edit your <code>wrangler.toml</code> configuration file with those values:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight toml"><code><span class="py">account_id</span> <span class="p">=</span> <span class="s">'4b05422c8548d995a6132421d4c31bba'</span> <span class="py">zone_id</span> <span class="p">=</span> <span class="s">'2ea755fa5c01136f1d07a2013c2d1c6f'</span> <span class="c"># optional, if you don't specify this a workers.dev subdomain will be used.</span> </code></pre> </div> <p>Finally, we also need to make some adjustments to the <code>site</code> key pointing it to the directories that will be generated by running build stage later on.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight toml"><code><span class="py">site</span> <span class="o">=</span> <span class="p">{</span><span class="py">bucket</span> <span class="p">=</span> <span class="s">"./build"</span><span class="p">,</span> <span class="py">entry-point</span> <span class="p">=</span> <span class="s">"./workers-site"</span><span class="p">}</span> </code></pre> </div> <h3> Authorization </h3> <p>Next, let's authorize our Wrangler client so we can deploy our project:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>wrangler login Allow Wrangler to open a page <span class="k">in </span>your browser? <span class="o">[</span>y/n] y 💁 Opened a <span class="nb">link </span><span class="k">in </span>your default browser: https://dash.cloudflare.com/wrangler?key<span class="o">=</span>... 💁 Validating credentials... ✨ Successfully configured. You can find your configuration file at: /Users/ashleyconnor/.wrangler/config/default.toml </code></pre> </div> <h2> Build our project and deploy </h2> <p>First, we need to build our project which we can do using <code>npm run build</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>npm run build <span class="o">&gt;</span> my-cloudflare-workers-demo@0.0.1 build <span class="o">&gt;</span> svelte-kit build vite v2.3.7 building <span class="k">for </span>production... ✓ 34 modules transformed. ... ✓ 27 modules transformed. .svelte-kit/output/server/app.js 64.33kb ... <span class="o">&gt;</span> Using @sveltejs/adapter-cloudflare-workers ✔ <span class="k">done</span> </code></pre> </div> <p>Then run the <code>wrangler publish</code> command:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>wrangler publish up to <span class="nb">date </span><span class="k">in </span>0.729s found 0 vulnerabilities ✨ Built successfully, built project size is 33 KiB. 🌀 Created namespace <span class="k">for </span>Workers Site <span class="s2">"__my-cloudflare-workers-demo-workers_sites_assets"</span> ✨ Success 🌀 Uploading site files ✨ Successfully published your script to https://my-cloudflare-workers-demo.ashconnor.workers.dev </code></pre> </div> <p>Your Server Side Rendered SvelteKit application should be up and running on the URL above.</p> <p>You can visit the demo SvelteKit application running on Cloudflare Workers <a href="https://my-cloudflare-workers-demo.ashconnor.workers.dev" rel="noopener noreferrer">here</a>.</p> webdev tutorial svelte serverless Configuring self-signed SSL certificates for local development Ashley Connor Thu, 10 Jun 2021 17:04:37 +0000 https://dev.to/ashleyconnor/configuring-self-signed-ssl-certificates-for-local-development-35c5 https://dev.to/ashleyconnor/configuring-self-signed-ssl-certificates-for-local-development-35c5 <p>Sometimes it's preferible to keep your local development environment as close to production as possible.</p> <p>In this post I'll cover how to configure self-signed SSL certificates using a project called <a href="https://github.com/FiloSottile/mkcert" rel="noopener noreferrer"><code>mkcert</code></a> which makes<br> creating, installing and removing self-signed certificates easier than ever.</p> <p>The instructions are slightly different depending on your local environment:</p> <ul> <li>Common</li> <li>WSL2</li> <li>Firefox on Windows</li> </ul> <h2> Common </h2> <p>The first thing you will need is to install <a href="https://github.com/FiloSottile/mkcert" rel="noopener noreferrer">mkcert</a> which can be done via <a href="https://brew.sh/" rel="noopener noreferrer"><code>homebrew</code></a> or <a href="https://docs.brew.sh/Homebrew-on-Linux" rel="noopener noreferrer"><code>homebrew</code> for Linux</a>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>brew <span class="nb">install </span>mkcert </code></pre> </div> <p>If you intend to use Firefox, you should also install <a href="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS" rel="noopener noreferrer"><code>nss</code></a>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>brew <span class="nb">install </span>nss </code></pre> </div> <p>Next run <code>mkcert</code> and pass in the the domain names and IPs you want the certificate to include:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>mkcert mywebsite.test localhost 127.0.0.1 ::1 Created a new certificate valid <span class="k">for </span>the following names 📜 - <span class="s2">"mywebsite.test"</span> - <span class="s2">"localhost"</span> - <span class="s2">"127.0.0.1"</span> - <span class="s2">"::1"</span> The certificate is at <span class="s2">"./mywebsite.test+3.pem"</span> and the key at <span class="s2">"./mywebsite.test+3-key.pem"</span> ✅ It will expire on 7 September 2023 </code></pre> </div> <p><code>mkcert</code> also accepts wildcards but some browsers (Firefox) will not accept those certificates.</p> <p>After the certificates are generated we can install the local <a href="https://en.wikipedia.org/wiki/Certificate_authority" rel="noopener noreferrer">CA</a> by running <code>mkcert</code> with the install flag. This only needs to be done once as this CA will be used to sign all future certificates generated with <code>mkcert</code>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>mkcert <span class="nt">-install</span> </code></pre> </div> <p>If this is you first time installing certificates using <code>mkcert</code> you should see the following output:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>The <span class="nb">local </span>CA is now installed <span class="k">in </span>the system trust store! ⚡️ <span class="c"># or...</span> The <span class="nb">local </span>CA is already installed <span class="k">in </span>the system trust store! 👍 </code></pre> </div> <p>At this point your can use your generated certificates with your development server.</p> <h3> Flask </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>flask run <span class="nt">--cert</span><span class="o">=</span>mywebsite.test+3.pem <span class="nt">--key</span><span class="o">=</span>mywebsite.test+3-key.pem </code></pre> </div> <h3> Rails </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>rails s <span class="nt">-b</span> <span class="s1">'ssl://127.0.0.1:3000?key=mywebsite.test+3-key.pem&amp;cert=mywebsite.test+3.pem'</span> </code></pre> </div> <h2> WSL2 </h2> <p>If you're running the <a href="https://docs.microsoft.com/en-us/windows/wsl/install-win10" rel="noopener noreferrer">WSL2</a> then there are few extra steps in order to get the Windows 10 host to accept the validity of the certificates.</p> <p>First we want to install <code>mkcert</code> on Windows which we can do using <a href="https://chocolatey.org/" rel="noopener noreferrer"><code>chocolatey</code></a>.</p> <p>Open a Powershell terminal using the <a href="https://adamtheautomator.com/wp-content/uploads/2020/11/FromSearch-1.png" rel="noopener noreferrer">administrator user</a> and run:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="err">$</span><span class="w"> </span><span class="n">choco</span><span class="w"> </span><span class="nx">install</span><span class="w"> </span><span class="nx">mkcert</span><span class="w"> </span></code></pre> </div> <p>Then run <code>mkcert</code> with the install flag like we did before:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="c"># first set the CAROOT path to point to the root CA we generated on WSL2</span><span class="w"> </span><span class="c"># you can get this directory by running mkcert -CAROOT from a WSL2 terminal</span><span class="w"> </span><span class="c"># if we don't do this it will install a different root CA and we will get warnings</span><span class="w"> </span><span class="nv">$CAROOT</span><span class="o">=</span><span class="s2">"\\wsl</span><span class="err">$</span><span class="s2">\Ubuntu\home\ashley\.local\share\mkcert\"</span><span class="w"> </span><span class="err">$</span><span class="w"> </span><span class="n">mkcert</span><span class="w"> </span><span class="nt">-install</span><span class="w"> </span><span class="n">The</span><span class="w"> </span><span class="nx">local</span><span class="w"> </span><span class="nx">CA</span><span class="w"> </span><span class="nx">is</span><span class="w"> </span><span class="nx">now</span><span class="w"> </span><span class="nx">installed</span><span class="w"> </span><span class="nx">in</span><span class="w"> </span><span class="nx">the</span><span class="w"> </span><span class="nx">system</span><span class="w"> </span><span class="nx">trust</span><span class="w"> </span><span class="nx">store</span><span class="o">!</span><span class="w"> </span><span class="err">⚡️</span><span class="w"> </span><span class="n">Note:</span><span class="w"> </span><span class="nx">Firefox</span><span class="w"> </span><span class="nx">support</span><span class="w"> </span><span class="nx">is</span><span class="w"> </span><span class="nx">not</span><span class="w"> </span><span class="nx">available</span><span class="w"> </span><span class="nx">on</span><span class="w"> </span><span class="nx">your</span><span class="w"> </span><span class="nx">platform.</span><span class="w"> </span><span class="err">ℹ️</span><span class="w"> </span></code></pre> </div> <p>You should see a popup like the one below. Click "Yes" to install the CA on the Windows 10 host.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fv2hz8zfah5yyada0315a.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fv2hz8zfah5yyada0315a.png" alt="You are about to install a certificate from a root authority (CA) claiming to represent..." width="616" height="592"></a></p> <h2> Firefox on Windows </h2> <p>After that's installed let's fix Firefox so it doesn't complain that our certs are invalid.</p> <p>To do that open the Firefox browser and navigate to the settings and search for certificates:</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0xazor0f4x4le2ig307x.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0xazor0f4x4le2ig307x.png" alt="Firefox search results for " width="800" height="384"></a></p> <p>Click on "View Certificates"</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fp0hlgkrdhfk80fyhsulu.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fp0hlgkrdhfk80fyhsulu.png" alt="Firefox certificates manager" width="800" height="572"></a></p> <p>Next click on "Import". We want to locate the root CA from our Linux instance. Mine was located here but yours will be different depending on your WSL2 linux distro:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="n">\\wsl</span><span class="err">$</span><span class="nx">\Ubuntu\home\ashley\.local\share\mkcert\rootCA.pem</span><span class="w"> </span></code></pre> </div> <p>Once installed you will see your local CA in the list of Authorities:</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fy6lct97yq808lzngm08k.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fy6lct97yq808lzngm08k.png" alt="Firefox certificates manager - authorities tab" width="800" height="577"></a></p> <p>Now if we visit our local development server in Firefox on our Windows host we should see the page load without any warnings.</p> <h3> Firefox </h3> <p><br><br> <a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F3vm22ysnuuscbhw09o5m.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F3vm22ysnuuscbhw09o5m.png" alt="Firefox web browser localhost:5000 over HTTPS with no warnings" width="800" height="412"></a></p> <h3> Edge </h3> <p><br><br> <a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fh599gtlytiui4abn615w.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fh599gtlytiui4abn615w.png" alt="Edge web browser localhost:5000 over HTTPS with no warnings" width="800" height="484"></a></p> <h3> Chrome </h3> <p><br><br> <a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fajt668c0qgm2sp4frsnn.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fajt668c0qgm2sp4frsnn.png" alt="Chrome web browser localhost:5000 over HTTPS with no warnings" width="800" height="590"></a></p> webdev tutorial security