[twerquie]

There is a difference between web pages and web applications, and Meteor is built for the latter. There is no such thing as a progressive enhancement path in many cases. If your firewall (?) strips out JS, then you are on a broken network.

How does it do that anyway? Most sites are HTTPS.

[pdkl95]

Yes, there is a difference between pages and apps. You should still not send only empty body tag. Click link, see blank page - how am I to know what kind of page it is? I'm really only referring to documents (like www.meteor.com, I presume - I can't actually read it from this computer as it's a blank page). Even on "web apps", there should really be at least an error indicating that the app only works with JS, or maybe a link to a fallback/alternative if appropriate.

Note: a search page is not an "app". Progressive enhancement works just fine in almost every case that isn't a purely interactive app (i.e. google maps or a game). It is trivial to render, as needed, the HTML template with the header/footer, or a layout-free snippit, or simplee JSON, or whatever else is needed. This was basically zero extra work in Rails years ago, so I don't see why it can't be done now.

As for stripping JS, that is easy, and done for security reasons. Yes, this requires a custom cert so the firewall can MITM the connection, which most businesses do anyway. No, this does not make it a broken network. Javascript is optional, and always has been. ( http://www.sitepoint.com/javascript-dependency-backlash-myth... )

[trcollinson]

There is actually nothing in meteor which states that you have to have only a body tag in your html. In fact, you can very simply render html headers, footers, and other static html without javascript. You can also handle 404 and send static pages for such appropriately. If someone has misinformed you, do take their opinion as nothing more than nonsense.

Now if you happen to run across a site which does not handle this properly, that is not shocking in any way. I have found that generally speaking those who disable javascript often complain about sites which extensively use javascript. They say things like "you can't assume that everyone has javascript enabled", "javascript is a security hazard and you can't expect me or anyone else to run a site with such a blatant vulnerability", and "how dare sites use such shotty technology to give an experience, they need to realize we need the same experience but without all of the vulnerabilities". The list of complaints go on and on.

The reality of the situation is this: as someone who makes consumer applications for profit, most of us don't care about you. If you are willing to turn off javascript, you are probably not my target user. If you work in an organization which does something so stupid as to break ssl in order to commit mitm attacks on your own employees in the name of security, you are probably not my target user. I do this for profit, not to cover ever last edge case known to man for every "security conscious" consumer of the Web. I worry about the security of my actual users. I worry about giving them the best possible experience. I care that they can use the product and enjoy it and will come back again and again. Javascript is optional for you, but it is not option for my applications. Hundreds of thousands of my users don't seen to mind.

[pdkl95]

> nothing in meteor

That's actually very informative. ?I guess www.meteor.com is one of those sites that doesn't handle it properly? I? have no idea.

> Hundreds of thousands of my users don't seen to mind.

Really? Have you asked them?

Hundred of thousands of your users probably have no idea whatsoever what their browser is doing, and it is disingenuous to say that they "don't mind" - especially when javascript is used for things like tracking reading times and other things probably call "analytics" and a lot of us call "spying".

> I worry about the security of my actual users.

Apparently not - you just make sure your users can only be people who know nothing about modern network security.

Remember, I'm not saying javascript applications are bad or that you shouldn't write them[1]. I'm saying you shouldn't leave your precious "user experience" in the case where javascript is not available as a totally-useless, non-informative blank page. Which many sites have started to do, www.meteor.com included. Thqt''S IT. All this arguing about javascript is missing the point.

[1] At most, I only suggested that a lot of the time what is being made is not an application", but a fairly simple document. The only reason javascript could be needed (isntead of progressively enhanced) on something like a simple search page is if you are trying to run spyware (such as google-analytics) in the background, behind the user's back.