From 68092cfae26dae2203451aa5bcf0a88506564f1d Mon Sep 17 00:00:00 2001
From: Justin Gordon <justin@shakacode.com>
Date: Sun, 28 Sep 2025 10:21:23 -1000
Subject: [PATCH 1/5] Move SSR server bundle to private directory

- Configure webpack to output server bundle to app/assets/builds/
- Update React on Rails config to load server bundle from private location
- Add private directories to .gitignore to keep server bundles private

This follows React on Rails best practices by keeping server-side rendering
bundles in a private directory separate from public client assets for security.
---
 .gitignore                            | 7 +++++++
 config/initializers/react_on_rails.rb | 3 ++-
 config/webpack/serverWebpackConfig.js | 4 +++-
 3 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/.gitignore b/.gitignore
index 7567a8b74..2aa4abcf0 100644
--- a/.gitignore
+++ b/.gitignore
@@ -52,3 +52,10 @@ lib/bs
 /lib/ocaml
 
 client/app/bundles/comments/rescript/**/*.bs.js
+
+# Server-side rendering bundles (private)
+app/assets/builds/
+
+# Generated files
+client/app/generated/
+ssr-generated/
diff --git a/config/initializers/react_on_rails.rb b/config/initializers/react_on_rails.rb
index e82f4d78e..b9eee982a 100644
--- a/config/initializers/react_on_rails.rb
+++ b/config/initializers/react_on_rails.rb
@@ -12,7 +12,8 @@
   # If you are never using server rendering, you may set this to "".
   # If you are using the same file for client and server rendering, having this set probably does
   # not affect performance.
-  config.server_bundle_js_file = "server-bundle.js"
+  # Server bundle is now in a private directory (not in public/)
+  config.server_bundle_js_file = Rails.root.join("app", "assets", "builds", "server-bundle.js").to_s
 
   # React on Rails 16 compatibility: Workaround for removed error handling
   #
diff --git a/config/webpack/serverWebpackConfig.js b/config/webpack/serverWebpackConfig.js
index 3dd0588dc..04b7feed7 100644
--- a/config/webpack/serverWebpackConfig.js
+++ b/config/webpack/serverWebpackConfig.js
@@ -45,12 +45,14 @@ const configureServer = () => {
 
   // Custom output for the server-bundle that matches the config in
   // config/initializers/react_on_rails.rb
+  // Output to a private directory for SSR bundles (not in public/)
+  const path = require('path');
   serverWebpackConfig.output = {
     filename: 'server-bundle.js',
     globalObject: 'this',
     // If using the React on Rails Pro node server renderer, uncomment the next line
     // libraryTarget: 'commonjs2',
-    path: config.outputPath,
+    path: path.resolve(__dirname, '../../app/assets/builds'),
     publicPath: config.publicPath,
     // https://webpack.js.org/configuration/output/#outputglobalobject
   };

From 27df4bc56b6a739f39e2a087f89c4d544a652e40 Mon Sep 17 00:00:00 2001
From: Justin Gordon <justin@shakacode.com>
Date: Sun, 28 Sep 2025 11:43:36 -1000
Subject: [PATCH 2/5] Fix React on Rails config to use proper
 server_bundle_output_path

Use the correct React on Rails 16+ config option 'server_bundle_output_path'
instead of incorrect 'server_bundle_js_file_path'. The server_bundle_js_file
should remain just the filename, not a full path.
---
 config/initializers/react_on_rails.rb | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/config/initializers/react_on_rails.rb b/config/initializers/react_on_rails.rb
index b9eee982a..a4ad38446 100644
--- a/config/initializers/react_on_rails.rb
+++ b/config/initializers/react_on_rails.rb
@@ -12,8 +12,11 @@
   # If you are never using server rendering, you may set this to "".
   # If you are using the same file for client and server rendering, having this set probably does
   # not affect performance.
-  # Server bundle is now in a private directory (not in public/)
-  config.server_bundle_js_file = Rails.root.join("app", "assets", "builds", "server-bundle.js").to_s
+  config.server_bundle_js_file = "server-bundle.js"
+  
+  # Server bundle output path for private SSR bundles (React on Rails 16+)
+  # This keeps server bundles separate from public assets for security
+  config.server_bundle_output_path = "app/assets/builds"
 
   # React on Rails 16 compatibility: Workaround for removed error handling
   #

From 7fcef624d86a5ba331c35bc5fe5e9c7ee3ed5cfa Mon Sep 17 00:00:00 2001
From: Justin Gordon <justin@shakacode.com>
Date: Sun, 28 Sep 2025 12:04:22 -1000
Subject: [PATCH 3/5] Use React on Rails default 'ssr-generated' for server
 bundle path

Per code review, use the documented default value 'ssr-generated' for
server_bundle_output_path instead of a custom path. This follows the
React on Rails 16 conventions and matches the framework defaults.
---
 .gitignore                            | 6 +++---
 config/initializers/react_on_rails.rb | 3 ++-
 config/webpack/serverWebpackConfig.js | 3 ++-
 3 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/.gitignore b/.gitignore
index 2aa4abcf0..968086ec2 100644
--- a/.gitignore
+++ b/.gitignore
@@ -54,8 +54,8 @@ lib/bs
 client/app/bundles/comments/rescript/**/*.bs.js
 
 # Server-side rendering bundles (private)
-app/assets/builds/
+# Using React on Rails default directory
+/ssr-generated/
 
 # Generated files
-client/app/generated/
-ssr-generated/
+/client/app/generated/
diff --git a/config/initializers/react_on_rails.rb b/config/initializers/react_on_rails.rb
index a4ad38446..a1b90dd76 100644
--- a/config/initializers/react_on_rails.rb
+++ b/config/initializers/react_on_rails.rb
@@ -16,7 +16,8 @@
   
   # Server bundle output path for private SSR bundles (React on Rails 16+)
   # This keeps server bundles separate from public assets for security
-  config.server_bundle_output_path = "app/assets/builds"
+  # Using the default from React on Rails docs
+  config.server_bundle_output_path = "ssr-generated"
 
   # React on Rails 16 compatibility: Workaround for removed error handling
   #
diff --git a/config/webpack/serverWebpackConfig.js b/config/webpack/serverWebpackConfig.js
index 04b7feed7..af3a66899 100644
--- a/config/webpack/serverWebpackConfig.js
+++ b/config/webpack/serverWebpackConfig.js
@@ -46,13 +46,14 @@ const configureServer = () => {
   // Custom output for the server-bundle that matches the config in
   // config/initializers/react_on_rails.rb
   // Output to a private directory for SSR bundles (not in public/)
+  // Using the default React on Rails path: ssr-generated
   const path = require('path');
   serverWebpackConfig.output = {
     filename: 'server-bundle.js',
     globalObject: 'this',
     // If using the React on Rails Pro node server renderer, uncomment the next line
     // libraryTarget: 'commonjs2',
-    path: path.resolve(__dirname, '../../app/assets/builds'),
+    path: path.resolve(__dirname, '../../ssr-generated'),
     publicPath: config.publicPath,
     // https://webpack.js.org/configuration/output/#outputglobalobject
   };

From 71a82578fe763349c8003af6756d37025be1bffd Mon Sep 17 00:00:00 2001
From: Justin Gordon <justin@shakacode.com>
Date: Sun, 28 Sep 2025 12:10:51 -1000
Subject: [PATCH 4/5] Fix linting: Move path require to top of file

Move the require('path') statement to the top of serverWebpackConfig.js
with other require statements to follow proper code organization.
---
 config/webpack/serverWebpackConfig.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/config/webpack/serverWebpackConfig.js b/config/webpack/serverWebpackConfig.js
index af3a66899..a6e9631d8 100644
--- a/config/webpack/serverWebpackConfig.js
+++ b/config/webpack/serverWebpackConfig.js
@@ -1,6 +1,7 @@
 // The source code including full typescript support is available at:
 // https://github.com/shakacode/react_on_rails_tutorial_with_ssr_and_hmr_fast_refresh/blob/master/config/webpack/serverWebpackConfig.js
 
+const path = require('path');
 const { config } = require('shakapacker');
 const commonWebpackConfig = require('./commonWebpackConfig');
 
@@ -47,7 +48,6 @@ const configureServer = () => {
   // config/initializers/react_on_rails.rb
   // Output to a private directory for SSR bundles (not in public/)
   // Using the default React on Rails path: ssr-generated
-  const path = require('path');
   serverWebpackConfig.output = {
     filename: 'server-bundle.js',
     globalObject: 'this',

From dcfb74fe342028d045297f1fe1e495a94af924cd Mon Sep 17 00:00:00 2001
From: Justin Gordon <justin@shakacode.com>
Date: Sun, 28 Sep 2025 13:56:55 -1000
Subject: [PATCH 5/5] rubocop autofix

---
 config/initializers/react_on_rails.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/config/initializers/react_on_rails.rb b/config/initializers/react_on_rails.rb
index a1b90dd76..da06ed881 100644
--- a/config/initializers/react_on_rails.rb
+++ b/config/initializers/react_on_rails.rb
@@ -13,7 +13,7 @@
   # If you are using the same file for client and server rendering, having this set probably does
   # not affect performance.
   config.server_bundle_js_file = "server-bundle.js"
-  
+
   # Server bundle output path for private SSR bundles (React on Rails 16+)
   # This keeps server bundles separate from public assets for security
   # Using the default from React on Rails docs