• Overview
@angular/ssr/node

AngularNodeAppEngine

Class

Angular server application engine. Manages Angular server applications (including localized ones), handles rendering requests, and optionally transforms index HTML before rendering.

API

    
      class AngularNodeAppEngine {  constructor(options?: AngularNodeAppEngineOptions | undefined): AngularNodeAppEngine;  handle(request: IncomingMessage | Http2ServerRequest | Request, requestContext?: unknown): Promise<Response | null>;}

constructor

AngularNodeAppEngine

Creates a new instance of the Angular Node.js server application engine.

@paramoptionsAngularNodeAppEngineOptions | undefined

Options for the Angular Node.js server application engine.

@returnsAngularNodeAppEngine

handle

Promise<Response | null>

Handles an incoming HTTP request by serving prerendered content, performing server-side rendering, or delivering a static file for client-side rendered routes based on the RenderMode setting.

This method adapts Node.js's IncomingMessage, Http2ServerRequest or Request to a format compatible with the AngularAppEngine and delegates the handling logic to it.

@paramrequestIncomingMessage | Http2ServerRequest | Request
  • The incoming HTTP request (IncomingMessage, Http2ServerRequest or Request).
@paramrequestContextunknown
  • Optional context for rendering, such as metadata associated with the request.
@returnsPromise<Response | null>
Usage notes

A request to https://www.example.com/page/index.html will serve or render the Angular route corresponding to https://www.example.com/page.

To prevent potential Server-Side Request Forgery (SSRF), this function verifies the hostname of the request.url against a list of authorized hosts. If the hostname is not recognized and allowedHosts is not empty, a Client-Side Rendered (CSR) version of the page is returned otherwise a 400 Bad Request is returned.

Resolution: Authorize your hostname by configuring allowedHosts in angular.json in: projects.[project-name].architect.build.options.security.allowedHosts. Alternatively, you can define the allowed hostname via the environment variable process.env['NG_ALLOWED_HOSTS'] or pass it directly through the configuration options of AngularNodeAppEngine.

For more information see: https://angular.dev/best-practices/security#preventing-server-side-request-forgery-ssrf

Usage Notes

This class should be instantiated once and used as a singleton across the server-side application to ensure consistent handling of rendering requests and resource management.

Jump to details