PR #824 adds experimental support for React-based Tethys apps. This issue documents what needs to be done to make it a fully supported feature:
[ ] Add production configuration tutorial. Some settings that may need to be set include (based on recommendations from this tutorial):
# Cookie Settings
CSRF_COOKIE_SAMESITE = 'Lax'
SESSION_COOKIE_SAMESITE = 'Lax'
# Prevent JavaScript from accessing CSRF and session cookies
# NOTE: This will probably break scripts that use the cookie to get the CSRF token
CSRF_COOKIE_HTTPONLY = True
SESSION_COOKIE_HTTPONLY = True
# Production only
CSRF_COOKIE_SECURE = not DEBUG
SESSION_COOKIE_SECURE = not DEBUG
# CORS Header Settings
CORS_ALLOWED_ORIGINS = [
'http://localhost:8080',
'http://127.0.0.1:8080',
]
CORS_EXPOSE_HEADERS = [
'Content-Type',
'X-CSRFToken',
]
CORS_ALLOW_CREDENTIALS = True
[ ] Tutorial / Documentation
[ ] Node dependency management - how do we keep this from getting out of date really fast?
PR #824 adds experimental support for React-based Tethys apps. This issue documents what needs to be done to make it a fully supported feature: