ILC gives you ability to develop your Micro Frontends in context of the "production" environment. This means that you can render your new app or changed version of the existing one right at the production website.
This gives you ability to see the final result sooner w/o necessity to mock other Micro Frontends inside your local development environment.
Practical example, how to develop your app within our demo site
Let's imagine that our demo site is your production environment. And let's try to substitute News app with the one that you'll run locally.
- Run our demo apps locally. To do so, follow the instruction here ilc-demo-apps#development-process.
- If you're behind NAT and don't have "white" IP address on your machine - use ngrok or any another similar tool to create public url for exposing your local apps.
- Download & install ngrok using instruction from their website.
- As News app uses
8239
port – runngrok http 8239
and you will receive your exposed url, e.g.http://c6960219.ngrok.io
.
- Open demo site and add next cookies:
const exposedUrl = 'http://c6960219.ngrok.io'; // or if you don't have NAT - http://YOUR_PUBLIC_IP:8239 const overrideConfig = encodeURIComponent(JSON.stringify({ apps: { '@portal/news': { spaBundle: exposedUrl + '/dist/single_spa.js', cssBundle: exposedUrl + '/dist/common.css', ssr: { src: exposedUrl + '/news/?fragment=1', }, props: { publicPath: exposedUrl + '/dist/', }, }, }, })); document.cookie = `ILC-overrideConfig=${overrideConfig}; path=/;`
- Try to refresh http://demo.microfrontends.online/news/ several times & using "Network" tabs in browser dev tools ensure
that some requests now go to the URL we specified before in
exposedUrl
variable. - Now let's try to make some changes in our local News app and see them appeared at our Demo website.
- Go to cloned
ilc-demo-apps
repo, open the file/ilc-demo-apps/apps/news-ssr/src/components/Home.vue
and replace<h1>Pick a news source</h1>
with<h1>Hello world</h1>
. - Now switch to your browser and refresh page http://demo.microfrontends.online/news/.
- If everything is ok, you will see h1 with text "Hello world".
- Go to cloned
- Last step is to check that SSR works correctly:
- Turn off javascript with the help of dev-tools in your browser. e.g. explanation how to do it for Chrome
- And after reload of the page we still see correct page with h1 - Hello world
The fact that you can override ILC config for particular browser using cookies introduces a risk of having website defacement attack with the help of XSS. To mitigate this risk ILC by default will restrict all domains and all real IPs (only private IPv4 addresses are allowed) specified for all links in configuration.
However you can allow additional origins by setting environment variable OVERRIDE_CONFIG_TRUSTED_ORIGINS
- default - any origin is disallowed, except for private IPv4 addresses
all
- trust any originsfoo.com, bar.com
- trust only foo.com and bar.com (recommended)
- first of all, you should take adapter for your framework, wrap your app with it and export lifecycle functions.
- turn off CORS for development environment. e.g. for Webpack just add to config:
devServer: {
headers: {
"Access-Control-Allow-Origin": "*",
},
}
- your MS bundle file must be wrapped with(for Webpack you can use wrapper-webpack-plugin):
"(function(define){\n" + bundle_content + "\n})((window.ILC && window.ILC.define) || window.define);"
- your MS should be publicly available. e.g. hosted under 0.0.0.0(default for Node http, so for express too) and available under your IP address or any other tools e.g ngrok or smth else.
- add "ILC-overrideConfig" cookie with config to production:
const overrideConfig = encodeURIComponent(
JSON.stringify({
"apps": {
// rewrite existed MS
"@portal/NAME1": {
"spaBundle": "http://10.1.150.85:2273/bundle.js", // url to bundle
"ssr": {
"src": "http://10.1.150.85:2273/", // url to ssr
},
},
// add new MS
"@portal/NAME2": {
"spaBundle": "http://10.1.150.85:9892/bundle.js", // url to bundle
"ssr": {
"src": "http://10.1.150.85:9891/", // url to ssr
"timeout": 1000,
},
"kind": "primary",
},
},
// add new MS slot to certain route
"routes": [
{
"routeId": 103,
"route": "/example/",
"next": false,
"slots": {
"body": {
"appName": "@portal/NAME2",
"kind": null
},
},
},
],
})
);
document.cookie = `ILC-overrideConfig=${overrideConfig}; path=/;`
- since you probably run your MS locally via http and if your production site uses https so you will have problems with mixed content when you try to send request to http from https, so the simplest way to resolve it - just turn off checking in your browser. Details link.
- if you exclude some libs e.g. via "externals" property of webpack config - comment it during developing at production.