Describe the bug
On the page https://github.com/sveltejs/sapper/blob/master/site/content/docs/10-exporting.md the docs state:
The basic rule is this: for an app to be exportable, any two users hitting the same page of your app must get the same content from the server. In other words, any app that involves user sessions or authentication is not a candidate for sapper export.
Is this true? Perhaps this requires some clarification, because I've seen applications where the front-end is statically served but there is still authentication using Auth0 or methods like this
Logs
N/A
To Reproduce
N/A
Expected behavior
Clarification in docs
headphonejack
All 4 comments
Yes, that is true.
Any content that requires some authentication should not be exported. So you'd still be able to use authentication which resolves confidential data in the frontend.
neoel
on 10 Dec 2019
Yes, that is true.
Any content that requires some authentication should not be exported. So you'd still be able to use authentication which resolves confidential data in the frontend.
Hey @neoel, could you clarify why this is the case? I'm currently working on an app where I am doing just that and there seem to be no issues so far.
Edit: I just carefully re-read the docs @headphonejack. It's referring to the server serving the front-end. If you deal with authentication via an external back-end server with an API, this should not be an issue. The docs need some more clarification. It's probably describe in this way to warn people who also use Sapper as back-end.
HDauven
on 14 Dec 2019
What the docs say is largely true. Perhaps there could be some clarification to say that exporting is not an option when your authentication state affects the pages that you get SSR'd content for. If all auth logic happens on the client (and external servers), exporting is fine. The challenge is to convey this in the docs in a way that is succinct and not confusing.
Conduitry
on 2 Jan 2020
Any content that requires some authentication should not be exported.
Could probably become something like:
Any content that needs to be SSRed differently on a per-user basis should not be exported.
pngwn
on 8 Jan 2020
Related issues
keyvan-m-sadeghi
路
4Comments
antony
路
3Comments
milosdjakovic
路
3Comments
Rich-Harris
路
3Comments
freedmand
路
4Comments
Most helpful comment
What the docs say is largely true. Perhaps there could be some clarification to say that exporting is not an option when your authentication state affects the pages that you get SSR'd content for. If all auth logic happens on the client (and external servers), exporting is fine. The challenge is to convey this in the docs in a way that is succinct and not confusing.