Update middleware docs #1010
base: main
@@ -2,28 +2,227 @@ | |||
title: "Middleware" | |||
--- | |||
|
|||
Middlewares may be included by passing file you specify in your start config. | |||
Middleware is a function that intercepts HTTP requests and responses. It allows you to modify the response by rewriting, redirecting, modifying the request or response headers, or responding directly. |
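Review bot: The second sentence of the new "Middleware is a function that intercepts HTTP requests and responses" line says middleware lets you "modify the response by ... modifying the request or response headers", which files request-header changes under modifying the response. Suggest wording that covers both directions, for example "It allows you to rewrite or redirect a request, modify request or response headers, or respond directly."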
> It allows you to modify the response by rewriting, redirecting, modifying the request or response headers, or responding directly.

Feels a little too wordy, maybe split it into multiple sentences or a bullet list, or simplify the list to only mention the broad categories of things, like

> It allows you to modify the request or response objects in various ways.
|
||
Although using middleware for authentication and authorization is a common practice in many web frameworks, it is not advisable to use SolidStart middleware for these purposes. | ||
|
||
This is because SolidStart middleware is not guaranteed to run on every single request. | ||
|
||
For optimal security, all checks should be performed as close to your data source as possible. |
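Review bot: The line "SolidStart middleware is not guaranteed to run on every single request" carries the whole security argument but does not say which requests skip middleware, so a reader cannot judge what is safe to leave there. Name the cases or link to where they are documented, and in the final line replace "all checks" with the specific checks meant (the advice is framed around "authentication and authorization" two lines earlier, so say which of the two must sit next to the data source).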
You can actually add a section on Authentication that shows how to do token validation in a middleware, and reword this to something like this

> Using middleware for protecting routes is not recommended in SolidStart. Authorization should be handled as close as possible to the data source.

Technically authentication is completely fine (and recommended) in the middleware, authorization is the thing that should be close to the data and not in the middleware.
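The split described in the comment above, as an added example that is not part of this PR or of the SolidStart docs: a middleware-style step only resolves a token to an identity, while the data-layer function enforces access itself and fails closed when that step never ran. Every name here (`authenticate`, `readDocument`, `handle`, `locals`, the `runMiddleware` switch) is hypothetical plain JavaScript, not SolidStart API, and the sessions and documents are constructed sample data.

```javascript
// Constructed sample data: opaque session tokens and one owned document.
const sessions = new Map([
  ["tok-alice", { userId: "alice" }],
  ["tok-bob", { userId: "bob" }],
]);
const documents = new Map([["doc-1", { owner: "alice", body: "Q3 forecast" }]]);

// Authentication (middleware-style): resolve the bearer token to an identity
// and attach it to the per-request context. It makes no access decision.
function authenticate(request, locals) {
  const header = request.headers.authorization || "";
  const match = /^Bearer (\S+)$/.exec(header);
  locals.user = match ? (sessions.get(match[1]) ?? null) : null;
}

// Authorization (data layer): every read checks the caller against the
// record, so the check still holds when the middleware was skipped.
function readDocument(locals, docId) {
  const user = locals.user;
  if (!user) return { status: 401, body: null }; // no identity: fail closed
  const doc = documents.get(docId);
  // Same answer for "missing" and "not yours" so ids cannot be probed.
  if (!doc || doc.owner !== user.userId) return { status: 404, body: null };
  return { status: 200, body: doc.body };
}

// Hypothetical request pipeline. `runMiddleware: false` models a request
// path on which the middleware does not execute.
function handle(request, docId, { runMiddleware = true } = {}) {
  const locals = {};
  if (runMiddleware) authenticate(request, locals);
  return readDocument(locals, docId);
}

const asAlice = { headers: { authorization: "Bearer tok-alice" } };
const asBob = { headers: { authorization: "Bearer tok-bob" } };
console.log(handle(asAlice, "doc-1").status); // owner
console.log(handle(asBob, "doc-1").status); // authenticated, not owner
console.log(handle(asAlice, "doc-1", { runMiddleware: false }).status); // middleware skipped
```

Had the ownership check lived in `authenticate` instead, the third call would have reached the document with no check at all.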
Description (required)
This is a work in progress. However, I'm open to suggestions and feedback.
This PR adds comprehensive documentation for middleware. Please refer to this Discord thread for additional background and discussion regarding this PR.
It follows the explanation guide from the Diátaxis framework, as this fits better with the other related pages. I focused on the theoretical aspects of middleware and avoided too much practical detail to reduce overlap with reference and guide pages.
There are a few practical examples that may be significant enough to be part of a how-to guide, especially the CORS example. I wasn't sure where to place these examples, so I have included them here for now.
TODO
Related issues & labels