Sandboxing micro frontends
In Chapter 14, we already learned that security is not so easy to achieve with micro frontends. While the server side can be secured quite nicely—for instance, by requiring dedicated servers for each micro frontend—the client side presents the actual problem. If we let any micro frontend decide autonomously what goes in, we could have a security issue.
Another thing we already touched on in Chapter 6 is that micro frontends can use native web technologies such as inline frames. An <iframe> element presents an elegant way of sandboxing parts of an application coming from other sources. On the other hand, we’ve noticed that inline frames also present real challenges. While some of these can be solved rather easily, others are a lot more difficult, or even impossible, to mitigate.
So, what options do we have to sandbox the frontend in the client? Let’s recap:
- Use inline frames with well-chosen sandbox attributes...
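
The inline frame option, as an added example that is not part of the original text: a shell-side helper that builds the sandbox value from an allowlist and rejects allow-scripts together with allow-same-origin on a frame that shares the shell's origin, because such a frame can reach its parent and remove its own sandbox attribute. The helper names, the allowlist and the example.test URLs are assumptions made for illustration.

```javascript
// Added example: choosing sandbox tokens for a micro frontend's <iframe>.
// mfSandboxPolicy and mountMicroFrontend are hypothetical helper names.

// Tokens the shell is willing to grant (an assumed allowlist, adjust per app).
const ALLOWED_TOKENS = new Set([
  "allow-scripts",
  "allow-forms",
  "allow-same-origin",
  "allow-popups",
]);

// Returns the value for the sandbox attribute, or throws on an unsafe request.
function mfSandboxPolicy(frameUrl, shellOrigin, requestedTokens) {
  // Resolve relative URLs against the shell so "/widgets/x.html" counts as same-origin.
  const frameOrigin = new URL(frameUrl, shellOrigin).origin;
  const tokens = [...new Set(requestedTokens)];
  for (const token of tokens) {
    if (!ALLOWED_TOKENS.has(token)) {
      throw new Error(`sandbox token not allowed: ${token}`);
    }
  }
  // A scripted frame that keeps the shell's origin can access the parent
  // document and strip the sandbox attribute, so the isolation is void.
  if (
    frameOrigin === shellOrigin &&
    tokens.includes("allow-scripts") &&
    tokens.includes("allow-same-origin")
  ) {
    throw new Error("allow-scripts with allow-same-origin on a same-origin frame defeats the sandbox");
  }
  // An empty string is valid and applies every sandbox restriction.
  return tokens.sort().join(" ");
}

// Browser-only: mounts the micro frontend inside a sandboxed inline frame.
function mountMicroFrontend(container, frameUrl, requestedTokens) {
  const frame = document.createElement("iframe");
  // Set sandbox before src so the policy already applies to the first load.
  frame.setAttribute("sandbox", mfSandboxPolicy(frameUrl, location.origin, requestedTokens));
  frame.src = frameUrl;
  container.appendChild(frame);
  return frame;
}
```

Serving each micro frontend from its own origin, as in the first call of a typical setup, is what makes the allow-scripts plus allow-same-origin pair acceptable to this check.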