This repository was archived by the owner on Jan 11, 2023. It is now read-only.
Clarify assumptions made by preload
#1135
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Included here are a few assumptions that I stumbled over when getting to know `preload`. I've updated the docs to spell them out to hopefully save others a little bit of time.
antony
approved these changes
Mar 30, 2020
|
Thanks @natevaughan - this is very clear, and I think is a big tripping point for new users. |
|
Great, glad it helps. And thank you for your help today @antony |
|
What's the Sapper release cycle like? |
|
@natevaughan right now there isn't really one. We're focussed on Svelte for the time-being. We're slowly merging PRs as time allows. |
abastardi
reviewed
Apr 25, 2020
site/content/docs/04-preloading.md
Outdated
| It is important to note that `preload` may run on either the server or in the client browser. Code called inside `preload` blocks: | ||
| - should run on the same domain as any upstream api servers requiring credentials; otherwise `credentials: 'include'` cannot guarantee access to 3rd party session cookies | ||
| - should not reference `window`, `document` or any browser-specific objects | ||
| - should not reference any api keys or secrets, which will be explosed to the client |
benmccann
reviewed
May 12, 2020
site/content/docs/04-preloading.md
Outdated
| @@ -83,7 +83,12 @@ To fix this, Sapper provides `this.fetch`, which works on the server as well as | |||
| </script> | |||
| ``` | |||
|
|
|||
| Note that you will need to use session middleware such as [express-session](https://github.com/expressjs/session) in your `app/server.js` in order to maintain user sessions or do anything involving authentication. | |||
| It is important to note that `preload` may run on either the server or in the client browser. Code called inside `preload` blocks: | |||
| - should run on the same domain as any upstream api servers requiring credentials; otherwise `credentials: 'include'` cannot guarantee access to 3rd party session cookies | |||
There was a problem hiding this comment.
shouldn't credentials: 'include' send the cookies even to other domains?
There was a problem hiding this comment.
@benmccann Doesn't that depend on how a project has their CORS settings configured? I'm pretty new to NodeJS so I might be mistaken
There was a problem hiding this comment.
cookies can't be cross-domain. Cookies from .domain.com will only ever be sent to .domain.com
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Included here are a few assumptions that I stumbled over when getting to know
preload. I've updated the docs to spell them out to hopefully save others a little bit of time.See #1134