今日已更新 412 条资讯 | 累计 19972 条内容
关于我们

标签:#jamstack

找到 4 篇相关文章

AI 资讯

Using a locked-down WordPress as the form backend for my static sites

Static sites are great: fast, cheap to host, almost nothing to attack. Then you add a contact form and hit the same wall everyone hits — a static site can't process a submission. You need a backend. The usual answers are a third-party service (Formspree, Netlify Forms, Basin) or a small server you now have to babysit. Both add a dependency you don't control, a recurring bill, and — the part that bugs me most — your submission data lives on someone else's infrastructure. There's a third option I've been running for a while: one WordPress install, zero public pages, used purely as a form endpoint. Every form from every static site I own hits it. I own all the data. And because it serves no public HTML, its attack surface is close to nothing. The architecture Three pieces, each doing one job: WordPress — the backend. Locked down so hard it doesn't behave like a normal WP site anymore. A form plugin — handles building, validation, storage, email, file uploads. (I use CraftForms because it exposes a clean craftforms/v1 REST namespace and can also serve the form HTML to an external page — more on that below.) Your static frontend — Cloudflare Pages / Netlify / wherever. It either fetch es the REST endpoint on submit, or drops in an embed snippet. WordPress never serves a public request. It only processes submissions. The part that matters: locking it down The biggest WordPress attack vector isn't your host — it's outdated plugins . So the first move is brutal minimalism: one plugin, no theme, no page builder, no public frontend. A WP install with one plugin and a blocked frontend has almost no CVE surface, because none of the usual stuff is installed. The rest is one must-use plugin. Drop this in wp-content/mu-plugins/ (no activation needed) and you've blocked the four standard entry points: <?php if ( ! defined ( 'ABSPATH' ) ) exit ; // 1. Restrict the REST API to your form namespace only. // Kills user enumeration (/wp/v2/users), route discovery, the usual REST exploits

2026-06-19 原文 →
AI 资讯

Your Static Site Doesn't Need a Build Pipeline

Setting up a 10-page marketing site Count the tools. You reach for Next.js or Astro. You run npm init . There's a bundler config. PostCSS for Tailwind. A Netlify account. A GitHub repository. Environment variables for the CMS token. A build hook URL from Netlify, pasted into the CMS webhook settings so content publishes trigger a rebuild. Maybe a CI configuration file. For a 10-page marketing site. The honest question: does a 10-page marketing site need any of this? For most content-focused sites, the answer is no. How we got here The JAMstack movement was right about the fundamentals. Pre-generated static HTML served from a CDN is faster, cheaper, and more secure than server-side rendering at request time. Netlify and Vercel made this genuinely accessible. The developer tooling that emerged around it was designed well. The problem is that the tooling was designed for applications — large JavaScript codebases with complex component trees, client-side routing, and sophisticated build requirements. It's good tooling for that use case. It became the default for everything, including content sites that have no more complexity than a Markdown file and a CSS stylesheet. When the tool doesn't fit the problem, you inherit the cost of the tool without the benefit. What the build pipeline actually costs Setup time. Getting a new project from blank to deployed with a modern build pipeline takes a few hours if you know the stack, longer if you're making decisions. Framework version, bundler config, PostCSS, Tailwind setup, environment variable management, deploy configuration. That's before you've written a single line of page-specific code. Maintenance surface. Every dependency is something that can break. Node version compatibility, framework major version upgrades, bundler updates, plugin compatibility matrices. A project set up in 2022 may require non-trivial work to update in 2026. For a client site, that maintenance either falls on your agency or accumulates as technical

2026-06-07 原文 →
AI 资讯

Contentful vs. Sanity vs. SleekCMS: A Practical Comparison for Developer Teams

Start here This post assumes you have a project and you're trying to pick a tool. It skips the marketing and goes to the technical and economic decisions that actually matter when you're doing the evaluation. All three of these platforms — Contentful, Sanity, and SleekCMS — are used in production by serious teams. The comparison is not going to tell you one of them is bad. It's going to tell you which scenarios each one is genuinely suited for, so you can match your project to the right tool. The three platforms at a glance Contentful is an enterprise-grade headless CMS with a long history of production deployments, a large ecosystem of integrations, and pricing that becomes significant at scale. It's the established choice for large organisations with existing Contentful investment. Sanity is a developer-first headless CMS with a flexible schema system, real-time collaborative editing, and GROQ — a query language purpose-built for content graphs. It has a strong developer community and a genuinely modern developer experience. SleekCMS is a headless CMS with an integrated static site builder. Structured content with REST and GraphQL APIs, a TypeScript-native client library, and the option to generate and deploy a static site from the same content models without maintaining an external frontend stack. Content modeling All three support structured content modeling. The differences are in how you define models and what the system supports natively. Contentful uses a GUI-based model builder in the dashboard. You create content types and add fields through a point-and-click interface. Solid for teams who prefer a visual setup; less ideal if you want models version-controlled as code. Sanity defines schemas in TypeScript or JavaScript config files — committed to your repository, version-controlled, and composable like code. This is Sanity's strongest differentiator for teams who think in code-first workflows. The schema definition is expressive and the TypeScript integrat

2026-06-07 原文 →
AI 资讯

How We Built a Client Site in a Single Afternoon Using AI and @sleekcms/sync

The brief Small professional services firm. Needed a clean marketing site: homepage, services section with individual service pages, about page, a blog, and a contact form. Timeline: tight. Budget: fixed. The kind of project where the question isn't whether you can build it — it's whether you can build it without spending three days on project scaffolding before writing a single line of content-specific code. This is what that afternoon looked like. One command to start The cms-sync is the entry point. One command creates the local workspace and starts the file watcher: npx @sleekcms/sync --token YOUR_AUTH_TOKEN On first run, the workspace appears with three files before you've written anything: my-site/ ├── CLAUDE.md ├── AGENT.md └── .vscode/ └── copilot-instructions.md These context files are the key. CLAUDE.md for Claude and Claude Code. AGENT.md for GitHub Copilot in agent mode. .vscode/copilot-instructions.md for GitHub Copilot in VS Code. Each contains the complete SleekCMS site-building reference — file naming conventions, model syntax, template helpers, field types, content format. Open the workspace in Cursor (or VS Code with Copilot, or Claude Code). The AI already knows how to build a SleekCMS site. No setup prompt, no pasting documentation. The prompt We kept it realistic — not a paragraph of precise technical specification, but the kind of description you'd give a developer on a call: Build a professional services marketing site with: - A homepage with a hero section, services overview, client logos, and a contact CTA - A services page listing all services, and individual service detail pages - An about page - A blog with individual post pages - A shared header and footer - A contact form - Tailwind CSS styling - SEO meta tags on every page What the AI generated The output was a complete set of working files: models/pages/_index.model models/pages/services.model models/pages/services[].model models/pages/about.model models/pages/blog[].model models/page

2026-06-07 原文 →