Demo application with authorized server-side and client-side rendering.
- π¦ Svelte Kit | svelte-kit.ssr.almostapps.eu
- π¦ Nuxt | nuxt.ssr.almostapps.eu
- π¦ Astro | astro.ssr.almostapps.eu
- π¦ Qwik | qwik.ssr.almostapps.eu
- π¦ Remix | remix.ssr.almostapps.eu
Appwrite uses 1st party secure cookies for authorization. For legacy reasons, there are two such cookies. They are both very similar, but one's name ends with _legacy
and is configured a tiny bit differently. It's also possible to use a fallback cookie, but that is not secure for production, and we will not be using that.
To ensure server-side rendering works, we need to set those cookies on our SSR server hostname instead of the Appwrite hostname. Let's say our Appwrite instance is on cloud.appwrite.io
, and our app is on myapp.com
. SSR server on domain myapp.com
won't receive appwrite.io
cookies. This is expected behavior, as browsers keep 1st party cookies securely scoped to specific domains.
To set those cookies on the SSR server, we need a special API endpoint in our SSR server. This endpoint will send a request to create a session, proxying email/password or other credentials. This endpoint next parses the response set-cookie
header, replaces domain configuration on the cookies, and set's it's own set-cookie
on the response to the client.
When a client calls this endpoint, the cookie will now be set on the SSR server hostname instead of the Appwrite hostname.
This makes server-side rendering work, but now client-side rendering is broken. Since set-cookie
coming to the browser only includes a cookie for the SSR server, talking to the Appwrite server directly won't have a proper cookie - there is no auth cookie on the Appwrite hostname. To overcome this problem, we ensure the Appwrite hostname is a subdomain of the SSR hostname. For example, if our SSR server runs on myapp.com
, Appwrite needs a custom domain configured on appwrite.myapp.com
. With this setup, all requests to the Appwrite server will include auth cookies, and the user will be properly authorized. This is possible thanks to Appwrite prefixing the cookie domain with .
, meaning all subdomains can also access the cookie.
- Setup Appwrite server
- Create project
almostSsr
- Install libarries
npm install
- Update
AppwriteEndpoint
insrc/app/AppwriteService.ts
- Start server
npm run dev
- Deploy the frontend on your production domain. For example,
myapp.com
. - Add the frontend domain as a trusted platform in your Appwrite project.
- Add a custom domain to your Appwrite project, which is a subdomain of your frontend. For example,
appwrite.myapp.com
. - Update
SsrHostname
andAppwriteHostname
insrc/app/AppwriteService.ts
with proper domains.
To contribute to frontend, make sure to use the Pink Design design system. Ensure both dark and light theme work properly, as well as responsivity on mobile, tablet and desktop.
When contributing with static files, ensure all images are in WEBP or SVG format.
This is a Next.js project bootstrapped with create-next-app
.
First, run the development server:
npm run dev
# or
yarn dev
# or
pnpm dev
Open http://localhost:3000 with your browser to see the result.
You can start editing the page by modifying app/page.tsx
. The page auto-updates as you edit the file.
http://localhost:3000/api/hello is an endpoint that uses Route Handlers. This endpoint can be edited in app/api/hello/route.ts
.
This project uses next/font
to automatically optimize and load Inter, a custom Google Font.
To learn more about Next.js, take a look at the following resources:
- Next.js Documentation - learn about Next.js features and API.
- Learn Next.js - an interactive Next.js tutorial.
You can check out the Next.js GitHub repository - your feedback and contributions are welcome!
The easiest way to deploy your Next.js app is to use the Vercel Platform from the creators of Next.js.
Check out our Next.js deployment documentation for more details.