[Diederich]

I hear what you're saying, but it doesn't have to be so.

All of the web apps I make at work are all javascript in a page apps. But before I start doing any of that, I make a REST API. 100% of the interaction between javascript and the web server is REST.

There are many reasons for this, but a key one is that it allows easy command-line or programatic interaction. Much easier than with traditional, server generated web apps.

[sbilstein]

Same here. Increasingly products I work on do almost no server side templating; frontend templates call REST services that I can test with curl, postman, or other tools.

[tsax]

Are there any downsides to this design?

[sbilstein]

Not really, you can achieve this using a Rails (or rails-like thing like Play) very easily and use in their built CSRF, SSL, etc. but this type of design also makes it easy to build from scratch (which may lead you down the path of reinventing things).

SPA + restful endpoints makes it easy to pick a library centric approach vs. a framework approach but it certainly does not preclude you from using a framework.

I guess people who disable javascript don't get to use your site...but I don't really care about that segment of the population.

[Diederich]

I've also found it easier to secure my apps. The attack surface seems to be much smaller.