Skip to content

Commit a9aff90

Browse files
Enhance configuration documentation and clarify directory structure for server and client bundles
- Added detailed comments in configuration.md to explain server bundle output path and security measures for loading server bundles. - Introduced examples for organizing client and server assets to improve clarity for users. - Updated comments in base_generator.rb and react_with_redux_generator.rb to reflect changes from 'auto-registration' to 'auto-bundling' terminology for consistency. These changes aim to improve the understanding of asset management and security practices within the React on Rails framework.
1 parent 6c38c6f commit a9aff90

File tree

3 files changed

+45
-10
lines changed

3 files changed

+45
-10
lines changed

docs/guides/configuration.md

Lines changed: 42 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -129,16 +129,51 @@ ReactOnRails.configure do |config|
129129
# This manifest file is automatically generated by the React Server Components Webpack plugin. Only set this if you've configured the plugin to use a different filename.
130130
config.react_server_client_manifest_file = "react-server-client-manifest.json"
131131

132-
# Directory where server bundles will be output during build process.
133-
# This allows organizing server-side rendering assets separately from client assets.
134-
# Default is nil (disabled). Set to "ssr-generated" or your preferred directory to enable.
132+
################################################################################
133+
# SERVER BUNDLE SECURITY AND ORGANIZATION
134+
################################################################################
135+
136+
# This configures the directory (relative to the Rails root) where the server bundle will be output.
137+
# By default, this is "ssr-generated". If set to nil, the server bundle will be loaded from the same
138+
# public directory as client bundles. For enhanced security, use this option in conjunction with
139+
# `enforce_private_server_bundles` to ensure server bundles are only loaded from private directories
135140
# config.server_bundle_output_path = "ssr-generated"
136141

137-
# When enabled, enforces that server bundles are only loaded from private, designated locations
138-
# to prevent potential security risks from loading untrusted server-side code.
139-
# Default is false for backward compatibility.
142+
# When set to true, React on Rails will only load server bundles from private, explicitly configured directories (such as `ssr-generated`), and will raise an error if a server bundle is found in a public or untrusted location. This helps prevent accidental or malicious execution of untrusted JavaScript on the server, and is strongly recommended for production environments. And prevent leakage of server-side code to the client (Especially in the case of RSC).
143+
# Default is false for backward compatibility, but enabling this option is a best practice for security.
140144
config.enforce_private_server_bundles = false
141145

146+
################################################################################
147+
# BUNDLE ORGANIZATION EXAMPLES
148+
################################################################################
149+
#
150+
# This configuration creates a clear separation between client and server assets:
151+
#
152+
# CLIENT BUNDLES (Public, Web-Accessible):
153+
# Location: public/webpack/[environment]/ or public/packs/ (According to your shakapacker.yml configuration)
154+
# Files: application.js, manifest.json, CSS files
155+
# Served by: Web server directly
156+
# Access: ReactOnRails::Utils.public_bundles_full_path
157+
#
158+
# SERVER BUNDLES (Private, Server-Only):
159+
# Location: ssr-generated/ (when server_bundle_output_path configured)
160+
# Files: server-bundle.js, rsc-bundle.js
161+
# Served by: Never served to browsers
162+
# Access: ReactOnRails::Utils.server_bundle_js_file_path
163+
#
164+
# Example directory structure with recommended configuration:
165+
# app/
166+
# ├── ssr-generated/ # Private server bundles
167+
# │ ├── server-bundle.js
168+
# │ └── rsc-bundle.js
169+
# └── public/
170+
# └── webpack/development/ # Public client bundles
171+
# ├── application.js
172+
# ├── manifest.json
173+
# └── styles.css
174+
#
175+
################################################################################
176+
142177
# `prerender` means server-side rendering
143178
# default is false. This is an option for view helpers `render_component` and `render_component_hash`.
144179
# Set to true to change the default value to true.
@@ -219,7 +254,7 @@ ReactOnRails.configure do |config|
219254
# | 8.2.0+ | ✅ Yes | ✅ Yes | ✅ Yes | ✅ Yes |
220255
#
221256
################################################################################
222-
# components_subdirectory is the name of the subdirectory matched to detect and register components automatically
257+
# components_subdirectory is the name of the subdirectory matched to detect components for auto-bundle-loading
223258
# The default is nil. You can enable the feature by updating it in the next line.
224259
config.components_subdirectory = nil
225260
# Change to a value like this example to enable this feature

lib/generators/react_on_rails/base_generator.rb

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -24,7 +24,7 @@ def add_hello_world_route
2424
end
2525

2626
def create_react_directories
27-
# Create auto-registration directory structure for non-Redux components only
27+
# Create auto-bundling directory structure for non-Redux components only
2828
# Redux components handle their own directory structure
2929
return if options.redux?
3030

lib/generators/react_on_rails/react_with_redux_generator.rb

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -19,7 +19,7 @@ class ReactWithReduxGenerator < Rails::Generators::Base
1919
aliases: "-T"
2020

2121
def create_redux_directories
22-
# Create auto-registration directory structure for Redux
22+
# Create auto-bundling directory structure for Redux
2323
empty_directory("app/javascript/src/HelloWorldApp/ror_components")
2424

2525
# Create Redux support directories within the component directory
@@ -31,7 +31,7 @@ def copy_base_files
3131
base_js_path = "redux/base"
3232
ext = component_extension(options)
3333

34-
# Copy Redux-connected component to auto-registration structure
34+
# Copy Redux-connected component to auto-bundling structure
3535
copy_file("#{base_js_path}/app/javascript/bundles/HelloWorld/startup/HelloWorldApp.client.#{ext}",
3636
"app/javascript/src/HelloWorldApp/ror_components/HelloWorldApp.client.#{ext}")
3737
copy_file("#{base_js_path}/app/javascript/bundles/HelloWorld/startup/HelloWorldApp.server.#{ext}",

0 commit comments

Comments
 (0)