Master list of Flask features we're missing

[cpsievert]

Similar to dash, dasher takes a fiery (flask) server as input to the initialization method, and also exposes (modified version of) that server as a field, for example:

import flask
import dash

server = flask.Flask(__name__)
app = dash.Dash(__name__, server=server)
app.server # the flask server

library(fiery)
library(dasher)

server <- Fire$new()
app <- Dash$new(server = server)
app$server # the fiery server

This allows folks to add/customize functionality of the underlying web server, which is great, but is bound to lead to scenarios where something is possible/easy in flask, but isn't (yet) easy-to-do via fiery. This comment/issue serves as a 'master list' of those (currently known) features (which I'm hoping will help us organize/delegate/motivate @thomasp85 into implementing more fiery methods/plug-ins):

• Deployment http://flask.pocoo.org/docs/0.12/deploying/
• CSRF protection Easy-to-use protection from cross-site request forgery (CSRF) thomasp85/firesafety#4
  (UPDATE: this won't be necessary Find an equivalent to SeaSurf()._generate_token() in R for CSRF protection #2)

[cpsievert]

@chriddyp I'm not super familiar with Flask, so if you think there is anything that is absolutely essential that may not be obvious from studying the dash ecosystem, please let me know!

[chriddyp]

I've tried to keep the list of flask specific things as small as possible.

• Auth is hand-rolled (https://github.com/plotly/dash-auth) with standard HTTP stuff and cookies
• Dash-Python uses gzip but that can be done on the server layer too
• Dash-Python optionally serves files locally instead from CDNs - alternative implementations will need to be able to serve files
• Deployment for R should be able to use https://github.com/virtualstaticvoid/heroku-buildpack-r/tree/heroku-16 for heroku and Plotly On Prem deployment

AFAIK, users are only accessing the underlying web server (app.server) to:

• Add additional HTTP routes like static file serving
• Access the requests cookies (we can use this to allow developers to access the username of the logged-in viewer)

[cpsievert]

Great, seems like most of things are already doable given @thomasp85's fiery/routr/reqres framework.

[thomasp85]

Yeah - there're no deal breakers here - I'm planning to add standard authentication tools to firesafety, but if js dash uses a custom setup this will just have to be made custom in R as well...

fiery supports, automatic packing, unpacking of bodies using gzip, deflate, and brotli

fiery has no problem serving static content and routr even has a plugin route for mapping URL paths to subdirectories...

I have no experience with heroku so here we'll have to experiment - I cannot see why there should be any problems though (famous last words)