- Overview
- Routing
- Proxy Routes
- React
- Quick Start
- Fetching Data from API
- fetch() API
- Populating Page's Head
- Importing CSS/Sass
- TypeScript
- Excluding Bundle from Client-Side
- Markdown and MDX
- Node.js / JavaScript
- Query Parameters
- POST, PUT, PATCH, DELETE Methods
- Dynamic Routes (Pretty URL Slugs)
- fetch() API
- TypeScript
- Sessions
- CORS and Express Middlewares
- HTML
- Vue
- Svelte
- Static Files
- Python
- Before You Start
- Printing To Console
- JSON Response
- URL Parameters
- Requirements.txt
- Dynamic Routes (Pretty URL Slugs)
- POST Data
- File Upload
- Deployment
- Security
- How Zero Works
Security
Zero introduces some new concepts like file-based routing and auto installation of require-d dependencies. This also means new attack vectors for hackers. Here are some recommendations:
Running in Production-mode
When deploying to server, always prebuild your site with zero build and then run the server with NODE_ENV=production environment variable set. This turns off the development mode and doesn't automatically execute any newly added files.
This will also turn off auto-dependency installation.
Creating File Uploader
If your site needs a file uploading feature, ideally you should not store the file locally and directly PUT it to S3-like storage bucket. But if you are storing them locally, be sure to add that folder to .zeroignore.