I wanted to verify if shadow-cljs worked with netlify for frontend and their “functions” backend. Turns out it works fine and is pretty easy to setup. Anyone interested can take a look at the repo.
It is currently deployed here and runs a rather simple backend that just counts the number of times the page was accessed since the lambda was loaded. After some idle time the lambda shuts down and will be started when needed so the counter goes back to zero quite often. You’d probably not store any state that way in a real app. Good enough for a test though.
My curiosity is satisfied and the process overall is pretty smooth. Happy to answer questions.
I looked at using Netlify to host the front end of the app I’m building and I was really impressed at how quick and easy it was to get working with clojurescript. But the concern I have with it is how do you prevent CSRF attacks without running a proper web server? I realize this isn’t really a clojure question, more just a noobie web dev question but it really stumped me
The typical technique apply just as with any other webserver. You can view each function as its own webserver and just the initial HTML is static. You can still send out the cookies and token via a function call + validate the Origin/Referer headers. As long as the client sends back both the cookie and the token with subsequent requests you are fine. An “attack” won’t have access to the token.
Not sure if there are any libraries that deal with this, there probably are many given the size of the JS world though.
Thanks @thheller! I’m also very satisfied with my deployment on netlify as well. My project is pure frontend without any backend functions. This is another example for people want to do similar things. Cheers.
The repo is at:
This topic was automatically closed 182 days after the last reply. New replies are no longer allowed.