authentication authorization – SSO between headless Drupal and frontend

I have a headless Drupal instance as backend and frontend in React JS. I am using Simple OAuth 2.0 for authorization and all the end points work fine with authorization. Now I have a use case where I need a User to login to frontend which happens with the simple Oauth 2.0 endpoint ‘/oauth/token’. Once the user logs in, they land to frontend home page and there is a link to backend, which if clicked should automatically log in the user to backend (Drupal site).

I have tried multiple options like login endpoints provided by JSON API, which successfully authenticate the user, creates a session in backend and sent cookie in response, which is received by React JS but couldnt be saved. DUe to this, the access to backend from frontend is always considered as unauthorized or Anonymous user request.

I tried to login user programatically too, but it lands me in ‘/contextual/render’ error for many of the pages in admin section of backend.

Please help me in creating a SSO for both backend and frontend.

Frontend – Is there a way to disable or enable text wrapping in cells?

I am trying to generate "Program" Cells, but my problem is different "Code" Cells, "Program" Cells automatically start wrapping text when the line is too long for the screen. Is there an option or something to do this "Program" Cells have no text wrap, so very long lines of code may disappear from the screen, but remain on the same line as "Code" Cells.

Here is an example "Program" Cell:

    StyleBox["Code:",FontWeight->"Bold"],"   ",
    " ... very long piece of code "<>long,"n",
    " ... very long comment ......"<>long
}], "Program"]

Here is an example "Code" Cell:

    StyleBox["Code:",FontWeight->"Bold"],"   ",
    " ... very long piece of code "<>long,"n",
    " ... very long comment ......"<>long
}], "Code"]

php – Securely render emojis on front-end and post to backend

I am creating a wordpress plugin which allow user to select different emojis with text. I am then making a fetch request to back end to update with selected emoji. Right now I am just rendering a picture. and it saved as a hard coded emoji in .php file. However I could be adding more emoji’s later.

My question is

  • How can I verify text posted / rendered is actually an emoji (ie.
    sanitise it?)
  • How I can ensure emoji is safe to render on FE and then
    make a fetch/ajax post request to backend and have the emoji
    secured with encoding/decoding?
// Render from Backend to frontend JS constant
const moodList = <?php echo json_encode( ('😀 - smile', '😁 - grin', '😂 - tears of joy', '🤣 - rofl', '😅 - smiling cold sweat') ); ?>

// Update my HTML
const moodlist = ('😀 - smile', '😁 - grin', '😂 - tears of joy', '🤣 - rofl', '😅 - smiling cold sweat') 

document.querySelector('.moods').innerHTML = moodlist.join(' ');

Thanks a bunch in advance.

Architecture – design a BI dashboard system – data aggregation logic in the frontend or backend?

I work with a system that is very similar to a BI dashboard. For example, suppose the dashboard shows some of the company's business metrics, such as B. Sales, Refund, Number of Orders, Average Order Value, etc.

The data for one year is displayed on the front end. The daily value for one year is currently displayed in a line chart. However, later the user will be able to select various aggregation options, e.g. For example, data is aggregated by year, week, month, etc. (or after 7 days, 14 days, etc.). Yes, this is not yet known point). In the backend we use a Big Data Warehouse solution (SQL) and a Node.js server

Now I'm thinking about 3 options and I'm not sure which approach to take. If you want to share some experiences / insights, this will be greatly appreciated!

1) The aggregation logic in the backend, especially the data layer, basically performs the aggregation in SQL queries.

pro: 1) fast 2) scales well as the data size grows (let's say we show 3 year data, more metrics)

con: 1) If the logic of query aggregation changes (e.g., from calendar month / week to consecutive x days), most queries may be rewritten (may not be true if this is the case). 2) Need more work to set up a solid test.

2) Aggregation logic in the backend, especially on the application layer. Basically, the query returns daily data points and the application processes the aggregation logic.

pro: 1) easier to change if the aggregation logic changes (relatively)

con: 1) slower than this in the data layer (more network traffic, voice performance difference, more load on the server) 2) worse scaled compared to the data layer approach

3) Aggregation logic in the frontend, most diagram libraries support various aggregation scenarios. Basically, api returns all daily data points.

pro: 1) very flexible if the aggregation logic changes.

con: 1) slow (network traffic, browser engine, we also support mobile, so it can be very bad on mobile) 2) scales the wort

Uploads – How do I get the upcoming post ID from the frontend?

When I search with "Next Post ID" I get navigation for the previous / next post, but my question has nothing to do with it.

When we try to create a new post in the WordPress admin area, the post is automatically saved as "Auto-Draft" and the post ID is inserted into the form as a hidden field with the name post_id. So when the mail is submitted, the $_REQUEST['post_id'] was issued.

I'm trying to move uploaded attachments with a custom post type to the directory below uploads/ to like uploads/my-dir/my-item-{post_id}. I follow Rian Rietveld's cutout for the move. And attachments from the admin panel move perfectly.

But the problem is, I can't pass a hidden field with Post-ID from the frontend, that is $_REQUEST['post_id'] is deactivated and the filter does not work. The attachments are uploaded to the typical year-month directory.

The question I have could be answered as follows:

  1. How can I get the upcoming Post-ID in the frontend? or,
  2. How to add filters upload_dir with a provisional $post_id instead of going through $_REQUEST?

Teamwork – API design and front-end implementation

It was very uncomfortable for me to write business logic code that I think is the backend. For example, our user interface shows that the refund amount must be displayed. I assume that the answer has a refundable amount, and I just take the value and display it in my web application. But guess I have to check a deeply nested object in the answer.


{ billing: {price: 10, cancellable_price:{ some_other_type_of_amount } }}

I don't scold that I need to normalize the structure, but I write business logic to do really simple things. For example, billing can be an empty object, which I have to do. Why is this not dealt with in the back end and properly documented for the front end?

If the front end handles many cases of business logic, it is unfair to users, the web application, or the size of the mobile app. Imagine that the developer of mobile apps has to write the same business code as me. Isn't that a waste of time and more difficult to maintain?

Beginners – hey, new front-end web developer – would like some tips on my CSS code

I want to do it responsively, but I only know a few media queries.
This code in Summery is a rotating bottom that alternates between a simple gradient and an image as it floats.
What I want to do is make it smaller as the viewport gets smaller.

Thanks in advance!

:root {
        --sz: 12.5em;
        --rd: 50em;
        --opcTime: 0.7s;

      .text {
      text-shadow: 1px 1px #ff0000;
      white-space: nowrap;
      position: relative;
      transform: translate(-50%, -50%);
      text-align: center;
      color: #9c5032;
      font-family: Cambria, Cochin, Georgia, Times, 'Times New Roman', serif;
      top: 50%;
      left: 50%;
      opacity: 1;

    .rotate {
      width: var(--sz);
      height: var(--sz);
      border-radius: var(--rd);
      position: relative;
      transform: rotate(0deg);
      transition: transform 1.5s ease-in-out;

    .rotate:hover {
      transform: rotate(360deg);


    /* CIRCLE ZERO */

    .circle {
      position: relative;
      background-image: linear-gradient(
        to right,
      z-index: 1;
      width: var(--sz);
      height: var(--sz);
      border-radius: var(--rd);

    .circle::before {
      position: absolute;
      content: "";
      background-image: url(imgs/mat1.jpg);
      background-size: cover;
      z-index: -1;
      transition: opacity var(--opcTime) ease-in;
      opacity: 0;
      width: var(--sz);
      height: var(--sz);
      border-radius: var(--rd);

    .circle:hover::before {
      opacity: 1;

    .pos0 {
      position: relative;
      top: 4px;

Design – WebApp that asks dynamic resources from the backend to the frontend

We are building an e-commerce site.

We want to develop some generic REST API modules that are available to different customers.

On the FE side, each domain should disclose certain customers' products, pages, CSS, HTML and assets.

We think about this architecture:

  1. An intra-resource server should make all assets available to customers / domains available via http
  2. A REST API backend
  3. An angular front end

So if I want to display some product information:

  1. FE requests the product key from BE
  2. BE Call the resource server, call all resources (HTML, CSS, JS) via http and return a JSON as follows:

        html: "",
        css: "",
        js: "
  3. FE injects the result on its template page

What do you think of this architecture in general? Do you know of any other mechanism for inserting dynamic pre-made templates?