[lukevp]

SPAs require implementing safety checks on both sides in 2 different languages. Many junior devs believe the client code is trustworthy and put important validation only in the client. I’ve worked with many codebases like this. If there’s only one place to specify validation, it should always be the server. So server side frameworks have this built in to their model and thus are less susceptible to this whole class of bugs.

[leptons]

>SPAs require implementing safety checks on both sides in 2 different languages.

Nodejs is quite popular. One language works on front-end and back-end. Like any language, security is up to the developers.

>Many junior devs believe the client code is trustworthy and put important validation only in the client.

Who is letting "junior devs" make these decisions? It sounds like they deserve to be hacked.

[hirvi74]

> SPAs require implementing safety checks on both sides in 2 different languages.

This isn't exclusive to SPAs. For example, I am a .Net dev, and I have both front-end and back-end validation in most of my applications without ever using any SPA frameworks.

If I am in a pinch for time, I sometimes just drop front-end validation completely, and let the server handle the validation and then have the front-end handle the server validation responses accordingly.