To be fair, this is a rehash of Just Say No to Nozzles, but it’s worth rehashing.
A recent conversation went like this:
- We’ve managed to make the HTML render correctly
- Next we need to pass it to the converter to make it PDF
- But how can we allow the converter to get around the security layer of the website?
- We could maybe add a different authentication route?
- Or maybe leave this page unauthenticated, but have a token to validate the request, so it’s blank unless you’re the server who knows how to create that token
Question – do we need the HTML?
Answer – actually yes – it allows us to make dynamic PDFs more easily than writing straight to the doc
Question – are we generating HTML in a good way?
Answer – again yes – Thymeleaf is doing a great job and we’re using it elsewhere in the system
Question – who else looks at this page in a browser?
Answer – nobody
Then we need to find the shortest route from the HTML generate to the PDF converter, and there’s no reason HTTP should be involved, so we don’t need authentication or any of that.
Solution – find a way to get the HTML rendered outside of a web request, and pass it direct to the converter.
So, rather than add more until it works, we reverse until we run out of things we can remove/replace, and then we move forward from there to the simplest solution.