Hello,

I wrote a three-part essay on this question last year:
1. https://fractalideas.com/blog/making-react-and-django-play-well-together/
2. 
https://fractalideas.com/blog/making-react-and-django-play-well-together-hybrid-app-model/
3. 
https://fractalideas.com/blog/making-react-and-django-play-well-together-single-page-app-model/

Even though I took a narrower view — I only considered React — I found enough 
decisions factors to write over 2000 words in the first post, which is too long 
for a FAQ :-)

On one hand, I'm not sure the Django docs should go into this level of detail 
and provide specific information about a particular JS framework. On the other 
hand, it's rather useless to talk about integrating Django with a JS frontend 
without discussing authentication and it's hard to discuss authentication in 
less than 2000 words — which were just for justifying my favorite solution, not 
for investigating every option!

I think we need a how-to guide rather than a FAQ entry. I would find it nice:

A. To describe the Singe Page App model — where Django only serves the API

We need to explain CORS and CSRF in the clearest terms possible. Many devs end 
up shotgun-debugging CORS or CSRF errors, which always results in insecure 
deployments.

My consulting experience suggests that we have a problem there: I never did an 
audit where the client got that right, even though they're all smart people 
trying to get things right.

Perhaps a condensed version of my third post could do the job?

Some may disagree with my recommendation against JWT, which may too opinionated 
for the Django docs. Again, in my experience, people tend to get security more 
wrong with JWT, which is why I prefer discouraging it and letting those who 
know what they're doing ignore my advice.

B. To say something about integrating a modern JS framework with 
django.contrib.staticfiles 

It's perfectly doable and provides all the benefits of 
django.contrib.staticfiles. However, it requires a bit of duct tape, as shown 
in my second post.

I'm a huge fan of this technique for simple website but I'm afraid I'm biased 
by my experience with Django. This is unlikely to be a popular option for those 
who are more familiar with a modern frontend framework than with 
django.contrib.staticfiles.

The docs should at least give the general idea of "compile your frontend to 
somewhere Django can find the files, then run collectstatic".

If someone starts writing documentation about this, I'm interested in reviewing 
it.

Best regards,

-- 
Aymeric.



> On 5 Feb 2019, at 11:17, Carlton Gibson <carlton.gib...@gmail.com> wrote:
> 
> I think this topic is very interesting. 
> 
> Two sides of it: 
> 
> * Static files handling
> * APIs
> 
> Curtis is right, there are other options but, Django REST Framework is 
> (whilst not perfect) pretty solid on the API front. I think Django has a good 
> story here. 
> It's pretty hard not to find DRF if you follow any guide, or any searching at 
> all. 
> 
> The static files story is a little different. It seems to me we don't tell 
> the best story there. 
> 
> Rails has two things which we could be envious of, even if we didn't want to 
> copy exactly:
> 
> * The frontend framework integration that's already been mentioned. 
> * The very easy "Ajax your form", with controllers (i.e. for us "generic 
> views") automatically handling ajax form submissions. 
> 
> Both these features get users further quicker in these aspects than we are 
> able to offer. 
> 
> We struggle to think of areas for improvements (re GSoC for example) but 
> maybe here is an area. 
> 
> This ties into Claude's proposal here: 
> https://groups.google.com/d/topic/django-developers/KYmNnvwXDUI/discussion
> 
> My own story is, I've had lots of success with, and still use, Django 
> Compressor.  
> At it's simplest you just map a content type to a shell command to run and 
> then include your Sass/Less/React/Elm/whatever files in your HTML (with 
> script or link tags, almost in the old-school way). 
> In development these are processed (& cached) per request. 
> For deployment you just run an offline compression task (management command) 
> and then upload the files. 
> That's it. 
> It's not a coverall approach — a frontend engineer will come along and 
> totally replace Compressor with whatever is this week's Top Javascript Build 
> System™ BUT it is a good 80:20: it lets me do something (that approximates) 
> respectable, without knowing hardly anything about the latest frontend 
> hotness. (GNU Make FTW! 🙂) 
> 
> I think if we were to offer something out-of-the-box that got as far as 
> Compressor, or further, we'd:
> satisfy most of our users, 
> allow yet more to get off the mark quickly, 
> and... well... those that need the full frontend toolchain would still be 
> free to use it. 
> I worry we'd never get anything like this into core... but I think it would 
> be good. (As I say, I think it's one area where we are lacking/behind the 
> competition.)
> 
> Kind Regards,
> 
> Carlton
> 
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Django developers (Contributions to Django itself)" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to django-developers+unsubscr...@googlegroups.com 
> <mailto:django-developers+unsubscr...@googlegroups.com>.
> To post to this group, send email to django-developers@googlegroups.com 
> <mailto:django-developers@googlegroups.com>.
> Visit this group at https://groups.google.com/group/django-developers 
> <https://groups.google.com/group/django-developers>.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/django-developers/49deee81-0230-48a0-8c2a-b12eb0956810%40googlegroups.com
>  
> <https://groups.google.com/d/msgid/django-developers/49deee81-0230-48a0-8c2a-b12eb0956810%40googlegroups.com?utm_medium=email&utm_source=footer>.
> For more options, visit https://groups.google.com/d/optout 
> <https://groups.google.com/d/optout>.

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at https://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CBFA85F9-3EE1-4B74-B121-F178F551D9CD%40polytechnique.org.
For more options, visit https://groups.google.com/d/optout.

Reply via email to