The latest articles on Forem by Vimal Maheedharan (@vimgudy). https://forem.com/vimgudy https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3641863%2Fe86fed91-0644-44a3-8771-89da00bf597e.png https://forem.com/vimgudy en Vimal Maheedharan Thu, 04 Dec 2025 18:05:20 +0000 https://forem.com/vimgudy/microfrontends-without-frameworks-a-simple-vanilla-javascript-approach-2c0h https://forem.com/vimgudy/microfrontends-without-frameworks-a-simple-vanilla-javascript-approach-2c0h <p>The question: <strong>"Can we build microfrontends using only vanilla JavaScript, HTML, and CSS (without frameworks like React/Vue or build tools like Webpack)?"</strong></p> <p>Short answer: <strong>Yes — absolutely!</strong></p> <p>We can build microfrontends with plain <strong>HTML/JS/CSS</strong> using simple, browser-native patterns: <strong>Web Components</strong> (Custom Elements + Shadow DOM), dynamic script/ES module loading, or iframes.</p> <p>Below, I'll provide the complete, copy-pasteable approach for a host and two remotes using custom elements and a tiny global event bus. This solution is minimal, framework-free, and easy to reason about. Perfect as a short engineering exercise or a workshop: lightweight, independent deployables, and easy to reason about.</p> <p><strong>Architecture overview</strong></p> <ul> <li>Host: Loads and orchestrates microfrontends (iframes)</li> <li>Products: Microfrontend that emits cart:add events</li> <li>Cart: Microfrontend that receives events and displays cart items</li> </ul> <p>📁 <strong>Directory structure</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>host/ index.html products/ products.html cart/ cart.html </code></pre> </div> <p>Run each folder on a different local server:</p> <p>Host → <a href="http://localhost:3000" rel="noopener noreferrer">http://localhost:3000</a><br> Products → <a href="http://localhost:3001" rel="noopener noreferrer">http://localhost:3001</a><br> Cart → <a href="http://localhost:3002" rel="noopener noreferrer">http://localhost:3002</a></p> <p>(You can use python -m http.server or VSCode Live Server.)</p> <p>🖥️ <u>Host app</u> — host/index.html<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight html"><code><span class="cp">&lt;!doctype html&gt;</span> <span class="nt">&lt;html&gt;</span> <span class="nt">&lt;head&gt;</span> <span class="nt">&lt;meta</span> <span class="na">charset=</span><span class="s">"utf-8"</span><span class="nt">/&gt;</span> <span class="nt">&lt;title&gt;</span>Host (iframes)<span class="nt">&lt;/title&gt;</span> <span class="nt">&lt;style&gt;</span> <span class="nt">nav</span><span class="p">{</span><span class="nl">background</span><span class="p">:</span><span class="m">#222</span><span class="p">;</span><span class="nl">color</span><span class="p">:</span><span class="m">#fff</span><span class="p">;</span><span class="nl">padding</span><span class="p">:</span><span class="m">8px</span><span class="p">}</span> <span class="nf">#frameWrap</span><span class="p">{</span><span class="nl">display</span><span class="p">:</span><span class="n">flex</span><span class="p">;</span><span class="py">gap</span><span class="p">:</span><span class="m">12px</span><span class="p">;</span><span class="nl">padding</span><span class="p">:</span><span class="m">12px</span><span class="p">}</span> <span class="nt">iframe</span><span class="p">{</span><span class="nl">width</span><span class="p">:</span><span class="m">48%</span><span class="p">;</span><span class="nl">height</span><span class="p">:</span><span class="m">400px</span><span class="p">;</span><span class="nl">border</span><span class="p">:</span><span class="m">1px</span> <span class="nb">solid</span> <span class="m">#ccc</span><span class="p">;}</span> <span class="nt">&lt;/style&gt;</span> <span class="nt">&lt;/head&gt;</span> <span class="nt">&lt;body&gt;</span> <span class="nt">&lt;nav&gt;</span> <span class="nt">&lt;button</span> <span class="na">id=</span><span class="s">"btnLoad"</span><span class="nt">&gt;</span>Load Microfrontends<span class="nt">&lt;/button&gt;</span> <span class="nt">&lt;button</span> <span class="na">id=</span><span class="s">"btnSendAuth"</span><span class="nt">&gt;</span>Send Auth Token<span class="nt">&lt;/button&gt;</span> <span class="nt">&lt;/nav&gt;</span> <span class="nt">&lt;div</span> <span class="na">id=</span><span class="s">"frameWrap"</span><span class="nt">&gt;&lt;/div&gt;</span> <span class="nt">&lt;script&gt;</span> <span class="kd">const</span> <span class="nx">ALLOWED</span> <span class="o">=</span> <span class="p">{</span> <span class="na">products</span><span class="p">:</span> <span class="dl">'</span><span class="s1">http://localhost:3001</span><span class="dl">'</span><span class="p">,</span> <span class="na">cart</span><span class="p">:</span> <span class="dl">'</span><span class="s1">http://localhost:3002</span><span class="dl">'</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">frameWrap</span> <span class="o">=</span> <span class="nb">document</span><span class="p">.</span><span class="nf">getElementById</span><span class="p">(</span><span class="dl">'</span><span class="s1">frameWrap</span><span class="dl">'</span><span class="p">);</span> <span class="kd">function</span> <span class="nf">createIframe</span><span class="p">(</span><span class="nx">id</span><span class="p">,</span> <span class="nx">src</span><span class="p">,</span> <span class="nx">sandbox</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">allow-scripts allow-same-origin</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">f</span> <span class="o">=</span> <span class="nb">document</span><span class="p">.</span><span class="nf">createElement</span><span class="p">(</span><span class="dl">'</span><span class="s1">iframe</span><span class="dl">'</span><span class="p">);</span> <span class="nx">f</span><span class="p">.</span><span class="nx">id</span> <span class="o">=</span> <span class="nx">id</span><span class="p">;</span> <span class="nx">f</span><span class="p">.</span><span class="nx">src</span> <span class="o">=</span> <span class="nx">src</span><span class="p">;</span> <span class="nx">f</span><span class="p">.</span><span class="nx">sandbox</span> <span class="o">=</span> <span class="nx">sandbox</span><span class="p">;</span> <span class="nx">f</span><span class="p">.</span><span class="nx">loading</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">lazy</span><span class="dl">'</span><span class="p">;</span> <span class="nx">f</span><span class="p">.</span><span class="nx">title</span> <span class="o">=</span> <span class="nx">id</span><span class="p">;</span> <span class="nx">frameWrap</span><span class="p">.</span><span class="nf">appendChild</span><span class="p">(</span><span class="nx">f</span><span class="p">);</span> <span class="k">return</span> <span class="nx">f</span><span class="p">;</span> <span class="p">}</span> <span class="c1">// Handle messages from remotes</span> <span class="nb">window</span><span class="p">.</span><span class="nf">addEventListener</span><span class="p">(</span><span class="dl">'</span><span class="s1">message</span><span class="dl">'</span><span class="p">,</span> <span class="p">(</span><span class="nx">ev</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">origin</span> <span class="o">=</span> <span class="nx">ev</span><span class="p">.</span><span class="nx">origin</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">data</span> <span class="o">=</span> <span class="nx">ev</span><span class="p">.</span><span class="nx">data</span> <span class="o">||</span> <span class="p">{};</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">data</span><span class="p">.</span><span class="nx">type</span><span class="p">)</span> <span class="k">return</span><span class="p">;</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="p">[</span><span class="nx">ALLOWED</span><span class="p">.</span><span class="nx">products</span><span class="p">,</span> <span class="nx">ALLOWED</span><span class="p">.</span><span class="nx">cart</span><span class="p">].</span><span class="nf">includes</span><span class="p">(</span><span class="nx">origin</span><span class="p">))</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">warn</span><span class="p">(</span><span class="dl">'</span><span class="s1">Blocked message from unknown origin:</span><span class="dl">'</span><span class="p">,</span> <span class="nx">origin</span><span class="p">);</span> <span class="k">return</span><span class="p">;</span> <span class="p">}</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">'</span><span class="s1">Host received:</span><span class="dl">'</span><span class="p">,</span> <span class="nx">data</span><span class="p">,</span> <span class="dl">'</span><span class="s1">from</span><span class="dl">'</span><span class="p">,</span> <span class="nx">origin</span><span class="p">);</span> <span class="c1">// Forward "cart:add" to Cart MFE</span> <span class="k">if </span><span class="p">(</span><span class="nx">data</span><span class="p">.</span><span class="nx">type</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">cart:add</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">cartFrame</span> <span class="o">=</span> <span class="nb">document</span><span class="p">.</span><span class="nf">getElementById</span><span class="p">(</span><span class="dl">'</span><span class="s1">cartFrame</span><span class="dl">'</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nx">cartFrame</span> <span class="o">&amp;&amp;</span> <span class="nx">cartFrame</span><span class="p">.</span><span class="nx">contentWindow</span><span class="p">)</span> <span class="p">{</span> <span class="nx">cartFrame</span><span class="p">.</span><span class="nx">contentWindow</span><span class="p">.</span><span class="nf">postMessage</span><span class="p">(</span><span class="nx">data</span><span class="p">,</span> <span class="nx">ALLOWED</span><span class="p">.</span><span class="nx">cart</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> <span class="c1">// Handle auth requests</span> <span class="k">if </span><span class="p">(</span><span class="nx">data</span><span class="p">.</span><span class="nx">type</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">auth:request</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">token</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">FAKE_TOKEN_12345</span><span class="dl">'</span><span class="p">;</span> <span class="nx">ev</span><span class="p">.</span><span class="nx">source</span><span class="p">.</span><span class="nf">postMessage</span><span class="p">({</span> <span class="na">type</span><span class="p">:</span> <span class="dl">'</span><span class="s1">auth:response</span><span class="dl">'</span><span class="p">,</span> <span class="na">payload</span><span class="p">:</span> <span class="p">{</span> <span class="nx">token</span> <span class="p">}</span> <span class="p">},</span> <span class="nx">origin</span><span class="p">);</span> <span class="p">}</span> <span class="c1">// Dynamic iframe resizing</span> <span class="k">if </span><span class="p">(</span><span class="nx">data</span><span class="p">.</span><span class="nx">type</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">frame:resize</span><span class="dl">'</span> <span class="o">&amp;&amp;</span> <span class="nx">ev</span><span class="p">.</span><span class="nx">source</span> <span class="o">===</span> <span class="nb">document</span><span class="p">.</span><span class="nf">getElementById</span><span class="p">(</span><span class="dl">'</span><span class="s1">productsFrame</span><span class="dl">'</span><span class="p">)?.</span><span class="nx">contentWindow</span><span class="p">)</span> <span class="p">{</span> <span class="nb">document</span><span class="p">.</span><span class="nf">getElementById</span><span class="p">(</span><span class="dl">'</span><span class="s1">productsFrame</span><span class="dl">'</span><span class="p">).</span><span class="nx">style</span><span class="p">.</span><span class="nx">height</span> <span class="o">=</span> <span class="nx">data</span><span class="p">.</span><span class="nx">payload</span> <span class="o">+</span> <span class="dl">'</span><span class="s1">px</span><span class="dl">'</span><span class="p">;</span> <span class="p">}</span> <span class="p">});</span> <span class="nb">document</span><span class="p">.</span><span class="nf">getElementById</span><span class="p">(</span><span class="dl">'</span><span class="s1">btnLoad</span><span class="dl">'</span><span class="p">).</span><span class="nx">onclick</span> <span class="o">=</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">frameWrap</span><span class="p">.</span><span class="nx">innerHTML</span> <span class="o">=</span> <span class="dl">''</span><span class="p">;</span> <span class="nf">createIframe</span><span class="p">(</span><span class="dl">'</span><span class="s1">productsFrame</span><span class="dl">'</span><span class="p">,</span> <span class="nx">ALLOWED</span><span class="p">.</span><span class="nx">products</span> <span class="o">+</span> <span class="dl">'</span><span class="s1">/products.html</span><span class="dl">'</span><span class="p">);</span> <span class="nf">createIframe</span><span class="p">(</span><span class="dl">'</span><span class="s1">cartFrame</span><span class="dl">'</span><span class="p">,</span> <span class="nx">ALLOWED</span><span class="p">.</span><span class="nx">cart</span> <span class="o">+</span> <span class="dl">'</span><span class="s1">/cart.html</span><span class="dl">'</span><span class="p">);</span> <span class="p">};</span> <span class="nb">document</span><span class="p">.</span><span class="nf">getElementById</span><span class="p">(</span><span class="dl">'</span><span class="s1">btnSendAuth</span><span class="dl">'</span><span class="p">).</span><span class="nx">onclick</span> <span class="o">=</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">token</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">FAKE_TOKEN_12345</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">prod</span> <span class="o">=</span> <span class="nb">document</span><span class="p">.</span><span class="nf">getElementById</span><span class="p">(</span><span class="dl">'</span><span class="s1">productsFrame</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">cart</span> <span class="o">=</span> <span class="nb">document</span><span class="p">.</span><span class="nf">getElementById</span><span class="p">(</span><span class="dl">'</span><span class="s1">cartFrame</span><span class="dl">'</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nx">prod</span> <span class="o">&amp;&amp;</span> <span class="nx">prod</span><span class="p">.</span><span class="nx">contentWindow</span><span class="p">)</span> <span class="p">{</span> <span class="nx">prod</span><span class="p">.</span><span class="nx">contentWindow</span><span class="p">.</span><span class="nf">postMessage</span><span class="p">({</span> <span class="na">type</span><span class="p">:</span><span class="dl">'</span><span class="s1">auth:response</span><span class="dl">'</span><span class="p">,</span> <span class="na">payload</span><span class="p">:{</span> <span class="nx">token</span> <span class="p">}</span> <span class="p">},</span> <span class="nx">ALLOWED</span><span class="p">.</span><span class="nx">products</span><span class="p">);</span> <span class="p">}</span> <span class="k">if </span><span class="p">(</span><span class="nx">cart</span> <span class="o">&amp;&amp;</span> <span class="nx">cart</span><span class="p">.</span><span class="nx">contentWindow</span><span class="p">)</span> <span class="p">{</span> <span class="nx">cart</span><span class="p">.</span><span class="nx">contentWindow</span><span class="p">.</span><span class="nf">postMessage</span><span class="p">({</span> <span class="na">type</span><span class="p">:</span><span class="dl">'</span><span class="s1">auth:response</span><span class="dl">'</span><span class="p">,</span> <span class="na">payload</span><span class="p">:{</span> <span class="nx">token</span> <span class="p">}</span> <span class="p">},</span> <span class="nx">ALLOWED</span><span class="p">.</span><span class="nx">cart</span><span class="p">);</span> <span class="p">}</span> <span class="p">};</span> <span class="nt">&lt;/script&gt;</span> <span class="nt">&lt;/body&gt;</span> <span class="nt">&lt;/html&gt;</span> </code></pre> </div> <p>📦 <u>Products microfrontend</u> — products/products.html<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight html"><code><span class="cp">&lt;!doctype html&gt;</span> <span class="nt">&lt;html&gt;</span> <span class="nt">&lt;head&gt;&lt;meta</span> <span class="na">charset=</span><span class="s">"utf-8"</span><span class="nt">/&gt;&lt;title&gt;</span>Products<span class="nt">&lt;/title&gt;&lt;/head&gt;</span> <span class="nt">&lt;body&gt;</span> <span class="nt">&lt;h3&gt;</span>Products (iframe)<span class="nt">&lt;/h3&gt;</span> <span class="nt">&lt;div</span> <span class="na">id=</span><span class="s">"list"</span><span class="nt">&gt;&lt;/div&gt;</span> <span class="nt">&lt;script&gt;</span> <span class="kd">const</span> <span class="nx">ORIGIN_PARENT</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">http://localhost:3000</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">products</span> <span class="o">=</span> <span class="p">[</span> <span class="p">{</span><span class="na">id</span><span class="p">:</span><span class="mi">1</span><span class="p">,</span><span class="na">name</span><span class="p">:</span><span class="dl">'</span><span class="s1">Widget A</span><span class="dl">'</span><span class="p">,</span><span class="na">price</span><span class="p">:</span><span class="mi">199</span><span class="p">},</span> <span class="p">{</span><span class="na">id</span><span class="p">:</span><span class="mi">2</span><span class="p">,</span><span class="na">name</span><span class="p">:</span><span class="dl">'</span><span class="s1">Widget B</span><span class="dl">'</span><span class="p">,</span><span class="na">price</span><span class="p">:</span><span class="mi">299</span><span class="p">}</span> <span class="p">];</span> <span class="kd">function</span> <span class="nf">render</span><span class="p">(){</span> <span class="nb">document</span><span class="p">.</span><span class="nf">getElementById</span><span class="p">(</span><span class="dl">'</span><span class="s1">list</span><span class="dl">'</span><span class="p">).</span><span class="nx">innerHTML</span> <span class="o">=</span> <span class="nx">products</span><span class="p">.</span><span class="nx">map</span><span class="p">(</span><span class="nx">p</span> <span class="o">=&gt;</span> <span class="s2">` &lt;div style="display:flex;justify-content:space-between;padding:6px;border-bottom:1px solid #eee"&gt; &lt;div&gt;</span><span class="p">${</span><span class="nx">p</span><span class="p">.</span><span class="nx">name</span><span class="p">}</span><span class="s2"> — ₹</span><span class="p">${</span><span class="nx">p</span><span class="p">.</span><span class="nx">price</span><span class="p">}</span><span class="s2">&lt;/div&gt; &lt;button data-id="</span><span class="p">${</span><span class="nx">p</span><span class="p">.</span><span class="nx">id</span><span class="p">}</span><span class="s2">"&gt;Add&lt;/button&gt; &lt;/div&gt;`</span><span class="p">).</span><span class="nf">join</span><span class="p">(</span><span class="dl">''</span><span class="p">);</span> <span class="nb">document</span><span class="p">.</span><span class="nf">querySelectorAll</span><span class="p">(</span><span class="dl">"</span><span class="s2">button</span><span class="dl">"</span><span class="p">).</span><span class="nf">forEach</span><span class="p">(</span><span class="nx">btn</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">btn</span><span class="p">.</span><span class="nx">onclick</span> <span class="o">=</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">id</span> <span class="o">=</span> <span class="o">+</span><span class="nx">btn</span><span class="p">.</span><span class="nx">dataset</span><span class="p">.</span><span class="nx">id</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">item</span> <span class="o">=</span> <span class="nx">products</span><span class="p">.</span><span class="nf">find</span><span class="p">(</span><span class="nx">x</span> <span class="o">=&gt;</span> <span class="nx">x</span><span class="p">.</span><span class="nx">id</span> <span class="o">===</span> <span class="nx">id</span><span class="p">);</span> <span class="nx">parent</span><span class="p">.</span><span class="nf">postMessage</span><span class="p">({</span> <span class="na">type</span><span class="p">:</span><span class="dl">'</span><span class="s1">cart:add</span><span class="dl">'</span><span class="p">,</span> <span class="na">payload</span><span class="p">:</span><span class="nx">item</span> <span class="p">},</span> <span class="nx">ORIGIN_PARENT</span><span class="p">);</span> <span class="p">};</span> <span class="p">});</span> <span class="p">}</span> <span class="nf">render</span><span class="p">();</span> <span class="c1">// Request auth</span> <span class="nx">parent</span><span class="p">.</span><span class="nf">postMessage</span><span class="p">({</span> <span class="na">type</span><span class="p">:</span><span class="dl">'</span><span class="s1">auth:request</span><span class="dl">'</span> <span class="p">},</span> <span class="nx">ORIGIN_PARENT</span><span class="p">);</span> <span class="c1">// Listen for messages</span> <span class="nb">window</span><span class="p">.</span><span class="nf">addEventListener</span><span class="p">(</span><span class="dl">'</span><span class="s1">message</span><span class="dl">'</span><span class="p">,</span> <span class="p">(</span><span class="nx">ev</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">ev</span><span class="p">.</span><span class="nx">origin</span> <span class="o">!==</span> <span class="nx">ORIGIN_PARENT</span><span class="p">)</span> <span class="k">return</span><span class="p">;</span> <span class="k">if </span><span class="p">(</span><span class="nx">ev</span><span class="p">.</span><span class="nx">data</span><span class="p">.</span><span class="nx">type</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">auth:response</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">'</span><span class="s1">Products received token:</span><span class="dl">'</span><span class="p">,</span> <span class="nx">ev</span><span class="p">.</span><span class="nx">data</span><span class="p">.</span><span class="nx">payload</span><span class="p">.</span><span class="nx">token</span><span class="p">);</span> <span class="p">}</span> <span class="p">});</span> <span class="c1">// Ask host to adjust height</span> <span class="nf">setTimeout</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">parent</span><span class="p">.</span><span class="nf">postMessage</span><span class="p">({</span> <span class="na">type</span><span class="p">:</span><span class="dl">'</span><span class="s1">frame:resize</span><span class="dl">'</span><span class="p">,</span> <span class="na">payload</span><span class="p">:</span> <span class="nb">document</span><span class="p">.</span><span class="nx">body</span><span class="p">.</span><span class="nx">scrollHeight</span> <span class="p">},</span> <span class="nx">ORIGIN_PARENT</span><span class="p">);</span> <span class="p">},</span> <span class="mi">200</span><span class="p">);</span> <span class="nt">&lt;/script&gt;</span> <span class="nt">&lt;/body&gt;</span> <span class="nt">&lt;/html&gt;</span> </code></pre> </div> <p>🛒 <u>Cart microfrontend</u> — cart/cart.html<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight html"><code><span class="cp">&lt;!doctype html&gt;</span> <span class="nt">&lt;html&gt;</span> <span class="nt">&lt;head&gt;&lt;meta</span> <span class="na">charset=</span><span class="s">"utf-8"</span><span class="nt">/&gt;&lt;title&gt;</span>Cart<span class="nt">&lt;/title&gt;&lt;/head&gt;</span> <span class="nt">&lt;body&gt;</span> <span class="nt">&lt;h3&gt;</span>Cart (iframe)<span class="nt">&lt;/h3&gt;</span> <span class="nt">&lt;div</span> <span class="na">id=</span><span class="s">"items"</span><span class="nt">&gt;</span>No items<span class="nt">&lt;/div&gt;</span> <span class="nt">&lt;script&gt;</span> <span class="kd">const</span> <span class="nx">ORIGIN_PARENT</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">http://localhost:3000</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">items</span> <span class="o">=</span> <span class="p">[];</span> <span class="kd">function</span> <span class="nf">render</span><span class="p">(){</span> <span class="nb">document</span><span class="p">.</span><span class="nf">getElementById</span><span class="p">(</span><span class="dl">'</span><span class="s1">items</span><span class="dl">'</span><span class="p">).</span><span class="nx">innerHTML</span> <span class="o">=</span> <span class="nx">items</span><span class="p">.</span><span class="nx">length</span> <span class="p">?</span> <span class="nx">items</span><span class="p">.</span><span class="nx">map</span><span class="p">(</span><span class="nx">it</span> <span class="o">=&gt;</span> <span class="s2">`&lt;div&gt;</span><span class="p">${</span><span class="nx">it</span><span class="p">.</span><span class="nx">name</span><span class="p">}</span><span class="s2"> — ₹</span><span class="p">${</span><span class="nx">it</span><span class="p">.</span><span class="nx">price</span><span class="p">}</span><span class="s2">&lt;/div&gt;`</span><span class="p">).</span><span class="nf">join</span><span class="p">(</span><span class="dl">''</span><span class="p">)</span> <span class="p">:</span> <span class="dl">'</span><span class="s1">No items</span><span class="dl">'</span><span class="p">;</span> <span class="p">}</span> <span class="nf">render</span><span class="p">();</span> <span class="nb">window</span><span class="p">.</span><span class="nf">addEventListener</span><span class="p">(</span><span class="dl">'</span><span class="s1">message</span><span class="dl">'</span><span class="p">,</span> <span class="p">(</span><span class="nx">ev</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">ev</span><span class="p">.</span><span class="nx">origin</span> <span class="o">!==</span> <span class="nx">ORIGIN_PARENT</span><span class="p">)</span> <span class="k">return</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">msg</span> <span class="o">=</span> <span class="nx">ev</span><span class="p">.</span><span class="nx">data</span><span class="p">;</span> <span class="k">if </span><span class="p">(</span><span class="nx">msg</span><span class="p">.</span><span class="nx">type</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">cart:add</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="nx">items</span><span class="p">.</span><span class="nf">push</span><span class="p">(</span><span class="nx">msg</span><span class="p">.</span><span class="nx">payload</span><span class="p">);</span> <span class="nf">render</span><span class="p">();</span> <span class="p">}</span> <span class="k">if </span><span class="p">(</span><span class="nx">msg</span><span class="p">.</span><span class="nx">type</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">auth:response</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">'</span><span class="s1">Cart received token:</span><span class="dl">'</span><span class="p">,</span> <span class="nx">msg</span><span class="p">.</span><span class="nx">payload</span><span class="p">.</span><span class="nx">token</span><span class="p">);</span> <span class="p">}</span> <span class="p">});</span> <span class="c1">// Request token at startup</span> <span class="nx">parent</span><span class="p">.</span><span class="nf">postMessage</span><span class="p">({</span> <span class="na">type</span><span class="p">:</span><span class="dl">'</span><span class="s1">auth:request</span><span class="dl">'</span> <span class="p">},</span> <span class="nx">ORIGIN_PARENT</span><span class="p">);</span> <span class="nt">&lt;/script&gt;</span> <span class="nt">&lt;/body&gt;</span> <span class="nt">&lt;/html&gt;</span> </code></pre> </div> <p><strong>How to test locally</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">cd </span>host <span class="o">&amp;&amp;</span> python <span class="nt">-m</span> http.server 3000 <span class="nb">cd </span>products <span class="o">&amp;&amp;</span> python <span class="nt">-m</span> http.server 3001 <span class="nb">cd </span>cart <span class="o">&amp;&amp;</span> python <span class="nt">-m</span> http.server 3002 </code></pre> </div> <ul> <li>Visit: <a href="http://localhost:3000" rel="noopener noreferrer">http://localhost:3000</a> </li> <li>Action: Click “Load Microfrontends”</li> <li>Action: Click “Add” in Products — items should appear in Cart</li> <li>Observe: Browser console logs for auth:request, auth:response, cart:add, etc.</li> </ul> <p>🔐 <strong>Security and production notes</strong></p> <ul> <li>Origin checks: Verify ev.origin for every message handler. Never trust postMessage() without origin checks.</li> <li>Iframe sandboxing: Use sandbox and grant minimal permissions (allow-scripts, allow-same-origin only if needed).</li> <li>Token handling: Prefer short-lived tokens via postMessage (not URLs).</li> <li>Transport: Serve over HTTPS in production.</li> <li>CSP: Apply strict Content Security Policy headers on remote pages.</li> </ul> <p>✅ <strong>Acceptance criteria</strong></p> <ul> <li>Host orchestration: Host loads two independent microfrontends in iframes.</li> <li>Event flow: Products iframe sends cart:add events; host forwards them to Cart iframe.</li> <li>UI: Cart displays added items correctly.</li> <li>Security: Messages are origin-checked and tokens are exchanged via postMessage.</li> <li>Isolation: Iframes can be swapped/updated independently.</li> </ul> <p><em>Jai Chinjo</em></p> microfrontends javascript vanilla beginners Vimal Maheedharan Wed, 03 Dec 2025 15:45:54 +0000 https://forem.com/vimgudy/nextjs-middleware-the-zero-latency-security-gateway-for-enterprise-apps-4fe9 https://forem.com/vimgudy/nextjs-middleware-the-zero-latency-security-gateway-for-enterprise-apps-4fe9 <p><strong>Summary</strong>: We often view Next.js Middleware as just a router, but for Architects, it's the ultimate tool for centralizing critical security checks at the edge. Stop running slow, redundant checks deep inside your API routes. It's time to leverage the Middleware for superior performance and enterprise-grade resilience.</p> <ol> <li><p><u>Zero-Latency Authentication Checks</u> Fail Fast at the Edge<br> Traditional server-side checks consume valuable compute time, but Middleware performs validation before the request even hits your core application logic.<br> <strong>The Power</strong>: By intercepting the request and checking the validity of the auth token (e.g., a signed JWT) immediately, you can execute a near zero-latency redirect for unauthenticated users.<br> <strong>Architectural Benefit</strong>: This is the ultimate "fail-fast" security principle, minimizing the attack surface and saving precious serverless function execution time.</p></li> <li><p><u>Per-Route Role-Based Access Control</u> (RBAC)<br> RBAC should be enforced at the gateway, not deep within a component. Middleware centralizes permission enforcement, preventing configuration drift across many routes.<br> <strong>How it Works</strong>: After validating the user's token, decode their roles (admin, contributor, etc.) and map them against the requested path.<br> <strong>Example Logic</strong>: If the user is requesting a path starting with /admin but their token lacks the admin scope, the Middleware immediately returns a 403 Forbidden response.<br> <strong>Enterprise Value</strong>: Ensures every new developer-created route automatically adheres to the organization's access control policy without writing boilerplate checks.</p></li> <li><p><u>Geo-Blocking and Compliance Restriction</u><br> For global enterprises, compliance and legal requirements often dictate where your content can be consumed. Middleware provides an immediate solution.<br> <strong>The Mechanism</strong>: Next.js provides access to the user's geographical data (originating from the hosting platform) via the NextRequest object.<br> <strong>Use Case</strong>: Need to restrict access to a specific product or data based on regional data sovereignty laws (like GDPR or CCPA)? Implement a simple blocklist/allowlist right in the Middleware to restrict users originating from non-compliant regions.</p></li> <li><p><u>Device Fingerprinting &amp; Bot Mitigation</u><br> The first line of defense against scraping and automated attacks should always be the fastest.<br> <strong>The Defense</strong>: Use the Middleware to inspect request headers (User-Agent, Origin, etc.) for signs of suspicious, automated activity. You can integrate third-party services here to generate a quick, unique device fingerprint.<br> <strong>Actionable Outcome</strong>: If the request appears malicious or automated, you can immediately serve a lightweight CAPTCHA challenge or block the request outright, protecting your costly API bandwidth and database resources from abuse.</p></li> </ol> <p><strong><u>Architect Takeaway</u></strong><br> Next.js Middleware isn't just a development convenience—it's a critical layer in the modern security perimeter. By placing these high-stakes checks at the edge, you simplify your backend, reduce latency, and create a fundamentally more resilient and compliant enterprise application.</p> <p><em>Jai Chinjo!</em></p> security nextjs middleware architecture Vimal Maheedharan Tue, 02 Dec 2025 18:00:39 +0000 https://forem.com/vimgudy/most-outages-are-preventable-why-your-system-needs-self-healing-yesterday-27jb https://forem.com/vimgudy/most-outages-are-preventable-why-your-system-needs-self-healing-yesterday-27jb <p><strong>Self-healing systems are basically computer systems that can fix themselves automatically when something goes wrong.</strong> </p> <p>Instead of waiting for a human to notice a problem and manually fix it ("reactive firefighting"), these systems are designed to be <strong>proactive</strong>. They are constantly watching (Continuous Monitoring) themselves to catch tiny signs of trouble or "degradation" (a slight performance drop or early error). When they find an issue, they automatically take steps to correct it (Automatic Correction). This might mean restarting a faulty component, rolling back a bad update, or isolating a sick part of the system.</p> <p><strong>Why Self-Healing Is Important?</strong></p> <ol> <li> <u>Prevents outages</u> before users feel them. Systems detect degradation (latency, memory spikes, failed health checks) and fix themselves before customer impact.</li> <li> <u>Eliminates on-call fatigue</u> by freeing Ops teams from the 3 AM 'restart the pod' or 'scale up' fire drills.</li> <li>Improves reliability &amp; <u>SLO compliance</u>. Automated correction keeps availability high without waiting for humans.</li> <li> <u>Stabilizes microservice</u> ecosystems. In distributed systems, failures cascade. Self-healing stops the chain reaction.</li> <li> <u>Faster recovery</u> = better user experience. Automated rollback / restart / resync is faster than human debugging.</li> </ol> <p><strong>Key Tools Involved in Self-Healing Systems</strong></p> <ol> <li><p>Health Detection (Identifying the “Wound”)<br> This is how the system knows something is wrong.</p></li> <li><p>Correction / Healing<br> Once a wound is identified, the corrective mechanism kicks in!</p></li> <li><p>Self-Healing Steps<br> <a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fogenz5i252e9tb5g6dz0.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fogenz5i252e9tb5g6dz0.png" alt=" " width="800" height="800"></a></p></li> <li><p>What Should Be Done During &amp; After Self-Healing<br> To ensure stability, engineering must <u>treat self-healing events as signals, not noise</u>.</p></li> </ol> <p>📘 4.1. Record the healing event</p> <ul> <li>Timestamp</li> <li>Pod/container ID</li> <li>Failure reason</li> <li>Metrics snapshot</li> <li>Healing action performed</li> <li>Success/failure status</li> <li>This becomes a goldmine for RCA later.</li> </ul> <p>📊 4.2. Analyze pattern trends</p> <p>Look for:</p> <ul> <li>Pods restarting frequently</li> <li>High memory or CPU usage patterns</li> <li>Latency bursts postpartum deploys</li> <li>Issues always after autoscaling</li> <li>Node-specific failures</li> </ul> <p>🔁 4.3. Continuous RCA<br> Self-healing fixes symptoms. We must still fix root cause:</p> <ul> <li>Memory leaks</li> <li>Deadlocks</li> <li>Bad deployments</li> <li>Faulty infrastructure</li> <li>Misconfiguration</li> <li>Resource starvation</li> </ul> <p>📣 4.4. Alert human only when needed</p> <p>A healthy pattern:</p> <ul> <li>1–2 self-heals/day → OK</li> <li>3 in a short window → alert</li> <li>Continual restarts → critical alert</li> </ul> <p>🔒 4.5. Prevent recurrence</p> <p>This is where teams automate permanent fixes:</p> <ul> <li>Add throttling / rate-limit</li> <li>Add retries with jitter</li> <li>Add circuit breakers</li> <li>Improve autoscaling thresholds</li> <li>Enforce resource limits</li> <li>Improve deployment validation</li> <li>Apply Helm rollback policies</li> </ul> <p><strong>Summary</strong></p> <p>Self-healing is not just “auto restart.”<br> It’s a full ecosystem:</p> <p><strong>Detect → Diagnose → Heal → Verify → Learn → Fix permanently</strong></p> <p><em>Jai Chinjo!</em></p> devops kubernetes automation rca