Update TaskMuncher to use React BrowserRouter

Using BrowserRouter rather than HashRouter

Update TaskMuncher to use React BrowserRouter

by John Vincent

Posted on January 25, 2019

Let's discuss updating TaskMuncher to use BrowserRouter rather than HashRouter.

TaskMuncher Version 3

TaskMuncher Version 3 also has some changes to address various ESLint problems.

For extensive discussions regarding TaskMuncher, please see TaskMuncher Overview

React HashRouter

HashRouter works great. It produces urls with, well, hashes, which some people love and which others love not quite so much. For example


Replace with BrowserRouter

Routes will now be of the form


which is probably what most users will expect to see.

Update TaskMuncher

All routes are in /routes/index.jsx, which allows for

  • Simple application architecture
  • Code that is easy to build and maintain
  • Provides for simple code splitting
  • Easily allows for components that extend the behavior of routing. For example PrivateRoute and SignedInRoute

To replace HashRouter with BrowserRouter, change

import { HashRouter as Router, Route, Switch, Redirect } from 'react-router-dom';


import { BrowserRouter as Router, Route, Switch, Redirect } from 'react-router-dom';


Use of anchor tag now has to refer only to external urls. All else must use the Link tag from 'react-router-dom'

For example, changed

<a href="#join">Sign up here</a>


<Link to="/join">Sign up here</Link>

Node Server

Several emails contained TaskMuncher Urls. config/email.js was changed to create Urls without the hash tag.

Dev Server

Update webpack.config.js, added publicPath: '/',

	config.output = {
		path: DIST_FOLDER,
		publicPath: '/',
		chunkFilename: '[name].bundle.js',
		filename: '[name].bundle.js'

Update webpack.config.js, added historyApiFallback: true,

config.devServer = {
		contentBase: DIST_FOLDER,
		compress: false,
		// inline: true,
		port: 8065,
		clientLogLevel: 'info',
		historyApiFallback: true,
		proxy: {
			'/api/**': {
				target: 'http://localhost:3001',
				changeOrigin: true,
				secure: false

Production Server

The switch to BrowserRouter revealed a basic weakness.

An attempt to access a non-existent endpoint would cause a 404.

Let's fix that.

TaskMuncher nginx config, add

   location / {
      try_files $uri /index.html;

after server_name, thus

    server_name www.taskmuncher.com;

   location / {
      try_files $uri /index.html;


The sidebar menu options are now dynamic and only display if there is data related to the menu option.

Admin Subsystem

Added delete user for an Admin user.

Encrypted Passwords

A late change in V2 regarding encrypted passwords caused a problem with Change Password. This was fixed in api/reset/reset.controller.js

ESLint changes

Added to package.json scripts section

"lint": "eslint 'src/**/*.{js,jsx}' --quiet",

Running the command revealed some problems.

Toggling state

A common problem. Although not causing any problems, the original code is not strictly correct.

For example MemberMain.jsx

toggleAddGoalDialog = () => this.setState({ addGoalDialogOpen: !this.state.addGoalDialogOpen });

should use a callback, thus was changed to

toggleAddGoalDialog = () => this.setState(prevState => ({ addGoalDialogOpen: !prevState.addGoalDialogOpen }));

or more simply, HomeLayout.jsx

this.setState({ mobileOpen: !this.state.mobileOpen });

was changed to

this.setState(prevState => ({ mobileOpen: !prevState.mobileOpen }));


this.setState({	...this.state, ...errors });

was changed to

this.setState(prevState => ({ ...prevState, ...errors }));


npm install shows

found 1 high severity vulnerability
  run `npm audit fix` to fix them, or `npm audit` for details

npm audit shows

Package: webpack-dev-server
High: Missing Origin Validation
More Info: https://nodesecurity.io/advisories/725

Advisories are now to be found at npm, for example



Versions of webpack-dev-server before 3.1.10 are missing origin validation on the websocket server. This vulnerability allows a remote attacker to steal a developer's source code because the origin of requests to the websocket server that is used for Hot Module Replacement (HMR) are not validated.


Update to version 3.1.11 or later.

The Fix

npm install --save-dev webpack-dev-server@3.1.14 


npm audit shows

Package: morgan
High: Missing Origin Validation
More Info: https://nodesecurity.io/advisories/736


Versions of morgan before 1.9.1 are vulnerable to code injection when user input is allowed into the filter or combined with a prototype pollution attack.


Update to version 1.9.1 or later.

The Fix

npm install morgan@1.9.1 


Update react-big-calendar to the latest version.

npm install --save react-big-calendar@0.20.3 

Copy the css from




Material-UI Pickers

material-ui-pickers issuing warnings about Material-UI deprecations.

Update material-ui-pickers to the latest version.

npm install --save material-ui-pickers@2.1.2

the later version now requires

npm install --save @date-io/moment

The date pickers require a change from

import MomentUtils from 'material-ui-pickers/utils/moment-utils';
import MuiPickersUtilsProvider from 'material-ui-pickers/utils/MuiPickersUtilsProvider';


import MomentUtils from '@date-io/moment';
import MuiPickersUtilsProvider from 'material-ui-pickers/MuiPickersUtilsProvider';