this post was submitted on 15 Dec 2024
36 points (100.0% liked)

Programming

17834 readers
81 users here now

Welcome to the main community in programming.dev! Feel free to post anything relating to programming here!

Cross posting is strongly encouraged in the instance. If you feel your post or another person's post makes sense in another community cross post into it.

Hope you enjoy the instance!

Rules

Rules

  • Follow the programming.dev instance rules
  • Keep content related to programming in some way
  • If you're posting long videos try to add in some form of tldr for those who don't want to watch videos

Wormhole

Follow the wormhole through a path of communities [email protected]

founded 2 years ago
MODERATORS
snowe
Ategon
[email protected]
36
I built a full-stack app, how should I host it? (self.programming)
submitted 1 month ago by echodrift to c/programming
8 comments fedilink hide all child comments
 

So basically I built a backend with some working endpoint and I built a React Frontend. I can run both things locally and I hosted the page on Cloudflare pages which is working. But now I’m wondering if that’s a good idea?

I have never done this before and I’m wondering if it’s secure enough to host the backend on some server and allow a CORS header to let the Frontend generate requests?

The alternative would be to host Frontend and backend on a VPS and then route my domain that I bought on Cloudflare there, but then I’m thinking that in case my Frontend is insecure somehow the whole instance would be compromised, no?

I hope this is the right platform to ask as I’m pretty new here.

you are viewing a single comment's thread
view the rest of the comments
[–] echodrift 2 points 1 month ago (1 children)

Thanks, this is reassuring. Yeah I don’t really know what I’m doing with the headers but trying my best to be as restrictive as possible. I think I’m still doing something wrong with the headers because I can’t seem to connect to the backend when the fronting is deployed.

Yeah I’m super paranoid about what I’m exposing, I made sure that there are no environment variables or secrets exposed.

[–] MajorHavoc 2 points 1 month ago

Hang in there. CORS is a huge pain in the ass on the best day.

That said, if the issue is CORS, there should be a pretty specific message in the browser debug menu. Note that, if I've read that page correctly, the error won't be available to JavaScript runtime, as an intentional security "feature".