Almost SSR - Svelte Kit
Demo application with authorized server-side and client-side rendering.
Stay in Touch
Share
π Looking for Different Framework?
- π¦ Next.js | next-js.ssr.almostapps.eu
- π¦ Nuxt | nuxt.ssr.almostapps.eu
- π¦ Astro | astro.ssr.almostapps.eu
- π¦ Qwik | qwik.ssr.almostapps.eu
- π¦ Remix | remix.ssr.almostapps.eu
π So How Does It Work?
Appwrite uses 1st party secure cookies for authorization. For legacy reasons, there are two such cookies. They are both very similar, but one's name ends with _legacy
and is configured a tiny bit differently. It's also possible to use a fallback cookie, but that is not secure for production, and we will not be using that.
To ensure server-side rendering works, we need to set those cookies on our SSR server hostname instead of the Appwrite hostname. Let's say our Appwrite instance is on cloud.appwrite.io
, and our app is on myapp.com
. SSR server on domain myapp.com
won't receive appwrite.io
cookies. This is expected behavior, as browsers keep 1st party cookies securely scoped to specific domains.
To set those cookies on the SSR server, we need a special API endpoint in our SSR server. This endpoint will send a request to create a session, proxying email/password or other credentials. This endpoint next parses the response set-cookie
header, replaces domain configuration on the cookies, and set's it's own set-cookie
on the response to the client.
When a client calls this endpoint, the cookie will now be set on the SSR server hostname instead of the Appwrite hostname.
This makes server-side rendering work, but now client-side rendering is broken. Since set-cookie
Β coming to the browser only includes a cookie for the SSR server, talking to the Appwrite server directly won't have a proper cookie - there is no auth cookie on the Appwrite hostname. To overcome this problem, we ensure the Appwrite hostname is a subdomain of the SSR hostname. For example, if our SSR server runs on myapp.com
, Appwrite needs a custom domain configured on appwrite.myapp.com
. With this setup, all requests to the Appwrite server will include auth cookies, and the user will be properly authorized. This is possible thanks to Appwrite prefixing the cookie domain with .
, meaning all subdomains can also access the cookie.
π§° Tech Stack
π οΈ Setup Server
- Setup Appwrite server
- Create project
almostSsr
π Setup Client
- Install libarries
npm install
- Update
AppwriteEndpoint
insrc/lib/AppwriteService.ts
- Start server
npm run dev
π Deployment
- Deploy the frontend on your production domain. For example,
myapp.com
. - Add the frontend domain as a trusted platform in your Appwrite project.
- Add a custom domain to your Appwrite project, which is a subdomain of your frontend. For example,
appwrite.myapp.com
. - Update
SsrHostname
andAppwriteHostname
insrc/lib/AppwriteService.ts
with proper domains.