1
00:00:01,120 --> 00:00:05,260
Now that we understand how CodePen does all the stuff, we're going to apply the same kind of logic

2
00:00:05,260 --> 00:00:08,980
and decide whether or not it is appropriate for the application we are building.

3
00:00:09,400 --> 00:00:13,180
Let me give you a quick reminder on what we are trying to make here, because it's been a while since

4
00:00:13,180 --> 00:00:15,740
we've really discussed the overall application that we're working on.

5
00:00:16,300 --> 00:00:20,960
So as you may recall at the very start of this course, I gave you a quick demonstration for the book

6
00:00:20,980 --> 00:00:23,020
application that we are ultimately trying to build.

7
00:00:23,620 --> 00:00:26,830
So here are the series of steps we went through during that demonstration.

8
00:00:27,340 --> 00:00:32,200
I had shown you that I want to be able to run a command on my local machine of something like JDBC serve.

9
00:00:32,650 --> 00:00:38,590
When I run that command, it should start up a local server on localhost at Port four thousand and five.

10
00:00:39,220 --> 00:00:43,240
I was then able to open up my browser, navigate to localhost four thousand five.

11
00:00:43,660 --> 00:00:46,420
I was then able to write out some code inside of a code editor.

12
00:00:47,230 --> 00:00:53,230
That code was then bundled directly inside the browser and then just, you know, like the actual application

13
00:00:53,440 --> 00:00:54,970
that I was running at that point in time.

14
00:00:54,970 --> 00:00:57,490
It was executing all that code inside of an iFrame.

15
00:00:57,970 --> 00:01:00,070
No matter what, we are going to use an iFrame here.

16
00:01:00,100 --> 00:01:03,220
It's really just a question of how that iFrame will be configured.

17
00:01:04,599 --> 00:01:09,550
So the real thing we need to decide here, the real thing I want to just examine inside this video very

18
00:01:09,550 --> 00:01:14,460
quickly, is whether or not you and I actually need some separation like this.

19
00:01:14,920 --> 00:01:20,920
Do we actually need to serve up our React app from some domain and then serve out the contents of the

20
00:01:20,920 --> 00:01:22,900
iFrame from a second domain?

21
00:01:23,290 --> 00:01:29,230
Remember, the only reason or one of the only reasons that CodePen, CodeSandbox and all these other services

22
00:01:29,410 --> 00:01:35,140
have this separation in domain names is to get that extra layer of security and make sure that whatever

23
00:01:35,140 --> 00:01:41,690
code is running inside of that iFrame cannot affect the outside document or that parent document.

24
00:01:41,740 --> 00:01:44,400
That's what these two different domain names are all about.

25
00:01:45,040 --> 00:01:49,920
So we really have to decide whether or not we have to do that inside of our application.

26
00:01:49,960 --> 00:01:55,510
Do we want to have our main React app that is going to show the overall notebook server from localhost

27
00:01:55,510 --> 00:02:00,640
four thousand five and then maybe have some different domain name of something like localhost four thousand

28
00:02:00,640 --> 00:02:03,240
six to serve up the content for the iFrame?

29
00:02:03,250 --> 00:02:05,410
That is the big question we need to ask here.

30
00:02:06,250 --> 00:02:11,170
The reason that we are asking ourselves this is that our application doesn't really have any authentication

31
00:02:11,170 --> 00:02:11,710
mechanism.

32
00:02:11,890 --> 00:02:16,930
We don't have any credentials that can be stolen like CodeSandbox or CodePen does.

33
00:02:17,290 --> 00:02:21,700
There's not really any kind of malicious code that someone's going to run inside of one of our users'

34
00:02:21,700 --> 00:02:25,960
browsers that's going to cause any serious problems inside of our application.

35
00:02:26,420 --> 00:02:31,810
In other words, I would not really worry about taking some other user's code and running it directly

36
00:02:31,810 --> 00:02:35,710
inside of our book application just because there are no credentials.

37
00:02:35,710 --> 00:02:39,760
There's nothing like that; this is a standalone development environment.

38
00:02:40,680 --> 00:02:46,540
So do we actually need these two different domains just for serving up the main React app and the iFrame?

39
00:02:47,250 --> 00:02:51,420
I think that you could very easily say that no we don't, because we just don't have the same kind of

40
00:02:51,420 --> 00:02:52,290
security issues.

41
00:02:52,680 --> 00:02:58,070
So we could absolutely decide that for our application we're not going to use a flow like this.

42
00:02:58,380 --> 00:03:04,380
Instead, we can decide to basically do everything from just one single domain if we wanted to.

43
00:03:05,990 --> 00:03:07,320
But we're not going to do that.

44
00:03:07,370 --> 00:03:12,530
We're not going to take the easy way out, even though we definitely could in our case. The reason

45
00:03:12,530 --> 00:03:16,220
we are not going to take the easy way out and just serve up everything from the same domain is that

46
00:03:16,220 --> 00:03:22,040
eventually we might decide that we've got a really neat application here and maybe we will want to allow

47
00:03:22,040 --> 00:03:25,420
users to host all these different notebooks they put together online.

48
00:03:25,820 --> 00:03:30,590
Maybe we would want to allow there to be some kind of authentication mechanism around getting access

49
00:03:30,590 --> 00:03:32,210
to these notebooks or something like that.

50
00:03:32,870 --> 00:03:36,530
So if we take the easy way out right now and just say, you know what, we're just going to serve up

51
00:03:36,530 --> 00:03:42,110
the main app and the iFrame from the same domain and not worry about any of the security stuff, it

52
00:03:42,110 --> 00:03:46,360
might come back and bite us later if we start to ever expand our application.

53
00:03:46,700 --> 00:03:51,320
And at that point in time we would have to refactor everything to include all these different security

54
00:03:51,320 --> 00:03:51,920
concerns.

55
00:03:52,760 --> 00:03:56,720
So at the end of the day, even though we technically don't really need to worry about the security

56
00:03:56,720 --> 00:04:00,290
stuff for our application, I think we should still address it nonetheless.

57
00:04:01,700 --> 00:04:07,790
OK, so now we've got a better idea of what we are going to try to do here, the last thing I really

58
00:04:07,790 --> 00:04:15,830
want to ask ourselves is whether or not we really need to serve everything up from different domains

59
00:04:15,830 --> 00:04:17,690
or in this case, different ports, technically.

60
00:04:18,790 --> 00:04:23,620
Or if there is some other kind of easier way that we can implement all this stuff and still have this

61
00:04:23,620 --> 00:04:26,170
kind of security constraint satisfied as well.

62
00:04:26,510 --> 00:04:29,290
So let's do just a little bit more investigation in the next video.

