Previously, we discussed and voted on removing the `cordova serve` command
from the Cordova CLI. After the removal from CLI, `cordova-browser` is the
only package that now depends on `cordova-serve` within Apache Cordova
scope.

The goal of this thread is focused on whether we should deprecate and
eventually sunset the `cordova-serve` npm package and repository.

The proposed direction is to move the serving functionality from
`cordova-serve` into `cordova-browser` and make it part of its core
implementation. For the discussion, I prepared a proof-of-concept (PoC) PR
demonstrating the implementation within Cordova-Browser.

There may be third-party tools that use cordova-serve and I left a note
about one of them in the "Additional Notes" section.

The goal of this discussion is to gather any feedback and to find out if
there are any strong reasons to not proceed with the deprecation and
sunsetting of `cordova-serve`.

=== PoC PR ===

## PoC Implementation

A PoC PR is available for review here:

https://github.com/apache/cordova-browser/pull/164

The PoC intentionally does not carry over every feature from
`cordova-serve`. Instead, it focuses on the minimum functionality required
to start and run the web server while keeping the implementation simple and
maintainable.

## Implemented in the PoC

The current PoC includes the following:

* Adds direct dependencies on `express`, `compression`, and `open`, which
continue to be used for serving the application and opening the browser.
* Improves the startup message to clearly indicate that the serve
functionality is intended only for development and testing. It has always
been intended for development and has never been recommended for production
use.
* Adds SSL/HTTPS support but does not generate SSL certificates or keys.
This feature is useful if the app loads HTTPS resources or makes HTTPS
requests and therefore needs to be served over HTTPS to avoid CORS-related
issues. Again, not intended for production use.

SSL/HTTPS support would introduce two new CLI parameters:

* `--ssl-key-file`
* `--ssl-cert-file`

Example:

```sh
cordova run browser --ssl-key-file=/path/to/key
--ssl-cert-file=/path/to/cert
```

## Other Behavioral Changes

### Browser Opening

The current PoC intentionally does **not** include any custom
browser-launching logic that may have existed previously.

Instead, it provides only the minimum functionality needed. Supported
browsers are determined by the `open` dependency. If additional browser
support is needed, it should be requested by opening an issue in the `open`
project.

Developers can prevent the browser from opening automatically by setting
the `target` parameter to `none`, then manually launch their browser of
choice and navigate to the application URL.

The primary motivation is to reduce custom logic and inconsistent behavior
across browsers. For example, the previous implementation automatically
passed the `--user-data-dir` flag to Chrome with a temporary directory in
an attempt to provide a clean testing environment by isolating browser
state, cache, and cookies. However, this behavior was specific to Chrome
and was not consistent with other browsers. Also, I believe the flag
affects extensions so if developers needed pre-installed extensions it
would have been dropped.

Developers who want this behavior can still provide browser-specific
arguments if desired. For example:

```sh
cordova run browser --target=chrome "--" --user-data-dir=/tmp/cordova-test
```

### Port Handling

Previously, when no port was specified, the server started on port `8000`
and incremented until it successfully bound to an available port.

In the PoC, when no port is specified, Node requests an ephemeral port,
allowing the operating system to automatically assign an available port.

Developers may still specify a port explicitly. If the requested port is
unavailable, an error will be thrown.

===

## Additional Notes

* Third-party tools, such as `cordova-simulate`, had depended on
`cordova-serve`. I previously opened a discussion there about removing that
dependency. The PoC PR are nearly identical to what I would recommend to be
implemented in `cordova-simulate` as well.
* If there is interest, we could make a final `cordova-serve` release
before starting a deprecation process.

## Feedback

The PoC PR is intended to demonstrate a possible direction for moving the
serving functionality into  `cordova-browser`.

I would appreciate hearing everyone's feedback and thoughts on
consolidating the package, as well as on the deprecation and eventual
sunsetting of `cordova-serve`.

If there are no concerns, we could start a VOTE in a separate voting thread.

Reply via email to