Open bnchdrff opened 7 years ago
It's amazing that you made so much progress based on my starter. All of your work makes this starter close to perfection, including SSR, webpack configuration and so on. I really appreciate you notifying me of all your contributions; I can learn a lot from you.
Just one question: the API depends on a JWT token which is stored at the client, so how does SSR work if this token is unavailable on the server?
Thanks so much.
the way it works now is.. it doesn't! :)
the server will render the page as it would've been rendered for an unauthenticated user, and then in the frontend those components are re-rendered. this might not make sense for certain apps but in my case i think it's an efficient way of doing things, since the main utility of SSR is for search engine optimization.
it'd be cool to work in SSR for a logged-in user though -- i'll take a stab at it!
we'd grab the jwt in a similar way to how i'm grabbing the csrf token here: https://github.com/bnchdrff/react-redux-graphql-passport-starter/blob/master/src/server.js#L60
i was totally wrong about my previous note -- we would need to ensure the client's stored jwt is passed along with that initial request. i'm looking into an approach for doing this.
not sure if there is a way to do it, aside from storing the jwt as a cookie instead of localstorage. reading http://stackoverflow.com/questions/40574994/jwt-stored-in-cookie-security-concerns#40579495 and other things. i'm hoping to find some sort of standard best-practice for doing it.
here's stormpath's opinion... https://stormpath.com/blog/where-to-store-your-jwts-cookies-vs-html5-web-storage
i forked this at https://github.com/bnchdrff/react-redux-graphql-passport-starter to add a few features -- take a look.