DEV Community

loading...

Discussion on: How do you protect your backend API in your microservice if you use a Single Page Application on the frontend?

Collapse
rhymes profile image
rhymes

I'll try to answer with what I know:

CORS

Yeah, you definitely need CORS while you're developing a SPA with a different server.

It also enables other clients to consume your API.

Proxying requests

The proxying issue hit me as well, I didn't actually solve it because it was configured in the webpack vue template. If you are using it the solution is here: github.com/vuejs-templates/webpack... - If you are not refer to webpack's own documentation: webpack.js.org/configuration/dev-s...

Authentication

I still have to implement it in my own SPA, because it's not exposed to the web and I'm waiting for some business requirements on how to best do it so I don't have an answer for you. In the meantime I can refer you to some articles (I haven't read everything yet :D):

Collapse
djviolin profile image
István Lantos Author

Thank You!

Yeah, I know about the proxy in vue-cli, but the problem I don't want to use this Node.js server in production, so I build the vue project and Go will be the static fileserver. For development, the webpack based proxy server in vue-cli is fine though.

I can implement a proxy in Go which is exposing the api server within the static server (under a route like /api/v1, this way I can use relative urls in axios), but my problem with this approach is that the static server is not only serving the static files in this case, it's doing a little bit of backend work also. Which I try to ignore, because what if the static files hosted on AWS?

Collapse
rhymes profile image
rhymes

Why don't you just deploy the build of the SPA to the go server so it can serve it?

I'm not using Node as a server, just for development. I have a post build command that builds the static files so that the Python server can send them to the client.