I’m doing everything wrong

Today I learned...

I’ve been writing webapps completely wrong.

Before today, I would write a web app using purely frontend JavaScript, HTML, and CSS. Even database interactions with Firebase were happening on the client side. Now I know that that’s all completely wrong.

Putting secured API interactions and database requests in the hands of the client’s browser is a bad practice for multiple reasons. First, it’s extremely insecure. Everything shipped to the browser is visible to the user, so anyone with Chrome or Firefox can open dev tools, pull the API keys out of the page, and use them to read and write to a database. Your top priority may not be security, but still: this is extremely dangerous. Even if you build practice apps with frontend interactions, never push one out as a consumer-facing app.

Second, it creates a bad user experience. Depending on the client’s browser, operating system, memory, connection, etc., fetching resources from within the browser can dramatically slow down the web page and the computer. If you absolutely have to perform requests in the frontend, at least show a loading symbol so that the user can tell what’s happening.

So, now I’ve got to go back and rewrite all my apps to use Node.js servers. Blech. Take a word of advice: don’t cut corners. Use the right practices!
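
As an added example (not code from the original post), here is the server-side half of that rewrite: the handler logic a Node.js server would run so that the API key stays in the server's environment and the browser only ever sends a city name. The upstream URL, the `Authorization` header scheme, the field names and all function names are assumptions made for illustration.

```javascript
// Added example: hypothetical upstream API and names, not from the original post.
const UPSTREAM = "https://api.example.com/v1/weather"; // placeholder URL (assumption)

// Validate what the browser sent. The client supplies only a city name,
// never a key, a URL, or a raw query string for the server to forward.
function parseCity(raw) {
  if (typeof raw !== "string") return null;
  const city = raw.trim();
  return /^[\p{L} .'-]{1,64}$/u.test(city) ? city : null;
}

// Build the upstream request on the server. The key comes from the server's
// environment and travels in a header, so it never appears in page source,
// in the browser's network tab, or in the request URL.
function buildUpstreamRequest(city, apiKey) {
  const url = new URL(UPSTREAM);
  url.searchParams.set("q", city);
  return { url: url.toString(), headers: { Authorization: `Bearer ${apiKey}` } };
}

// Relay only the fields the page needs, so anything else the upstream
// returns (account ids, echoed credentials) is not passed to the browser.
function toClientBody(upstream) {
  return { city: String(upstream.city), tempC: Number(upstream.tempC) };
}

// Handler logic, independent of the web framework. fetchImpl is injectable
// so the function can be exercised offline with a stub.
async function handleWeather(rawCity, apiKey, fetchImpl = fetch) {
  const city = parseCity(rawCity);
  if (!city) return { status: 400, body: { error: "invalid city" } };
  if (!apiKey) return { status: 500, body: { error: "server misconfigured" } };
  const { url, headers } = buildUpstreamRequest(city, apiKey);
  const res = await fetchImpl(url, { headers });
  if (!res.ok) return { status: 502, body: { error: "upstream failed" } };
  return { status: 200, body: toClientBody(await res.json()) };
}
```

In a real server the route would call `handleWeather` with the request's `city` query parameter and a key read from `process.env`, then write the returned `status` and `body` to the response.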