Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Sign up
Appearance settings

Commit 5385b64

Browse files
Update React on Rails to 16.1.1 and move SSR to private directory (#656)
Relocate server-side rendering bundles from public assets to a private directory following React on Rails 16 security best practices. Changes: - Configure webpack to output server bundles to ssr-generated directory - Update React on Rails config to use server_bundle_output_path setting - Add ssr-generated and client/app/generated to .gitignore - Move path require to top of file for proper code organization Configuration: - Uses React on Rails default path: ssr-generated - Server bundle remains named server-bundle.js - Client assets continue to output to public/packs Security Impact: - Server bundles are now isolated from publicly accessible assets - Prevents potential exposure of server-only code and dependencies - Follows React on Rails 16+ recommended security patterns Compatibility: - No breaking changes for existing deployments - Server rendering continues to work transparently - Client-side functionality unchanged This change only affects the build output location for SSR bundles. The application behavior remains identical, with improved security by keeping server-only code separate from public web assets.
1 parent 84f3d24 commit 5385b64

File tree

3 files changed

+16
-1
lines changed

3 files changed

+16
-1
lines changed

‎.gitignore‎

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -52,3 +52,10 @@ lib/bs
5252
/lib/ocaml
5353

5454
client/app/bundles/comments/rescript/**/*.bs.js
55+
56+
# Server-side rendering bundles (private)
57+
# Using React on Rails default directory
58+
/ssr-generated/
59+
60+
# Generated files
61+
/client/app/generated/

‎config/initializers/react_on_rails.rb‎

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -14,6 +14,11 @@
1414
# not affect performance.
1515
config.server_bundle_js_file = "server-bundle.js"
1616

17+
# Server bundle output path for private SSR bundles (React on Rails 16+)
18+
# This keeps server bundles separate from public assets for security
19+
# Using the default from React on Rails docs
20+
config.server_bundle_output_path = "ssr-generated"
21+
1722
# React on Rails 16 compatibility: Workaround for removed error handling
1823
#
1924
# BREAKING CHANGE in v16: React on Rails 14.2.1 had robust error handling that would

‎config/webpack/serverWebpackConfig.js‎

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,7 @@
11
// The source code including full typescript support is available at:
22
// https://github.com/shakacode/react_on_rails_tutorial_with_ssr_and_hmr_fast_refresh/blob/master/config/webpack/serverWebpackConfig.js
33

4+
const path = require('path');
45
const { config } = require('shakapacker');
56
const commonWebpackConfig = require('./commonWebpackConfig');
67

@@ -45,12 +46,14 @@ const configureServer = () => {
4546

4647
// Custom output for the server-bundle that matches the config in
4748
// config/initializers/react_on_rails.rb
49+
// Output to a private directory for SSR bundles (not in public/)
50+
// Using the default React on Rails path: ssr-generated
4851
serverWebpackConfig.output = {
4952
filename: 'server-bundle.js',
5053
globalObject: 'this',
5154
// If using the React on Rails Pro node server renderer, uncomment the next line
5255
// libraryTarget: 'commonjs2',
53-
path: config.outputPath,
56+
path: path.resolve(__dirname,'../../ssr-generated'),
5457
publicPath: config.publicPath,
5558
// https://webpack.js.org/configuration/output/#outputglobalobject
5659
};

0 commit comments

Comments
(0)

AltStyle によって変換されたページ (->オリジナル) /