Documentation

Welcome to the Latte web documentation. The pages below walk through everything you need to build a web application — from a minimal “Hello, world!” to a fully authenticated JSON API.

Getting Started

• Getting Started - Install Latte, scaffold a project, and run the server
• Project Layout - What latte init web creates and how it’s wired together

Building Blocks

• Routing - Verbs, path parameters, prefixes, and how 404/405 are handled
• Handlers - Writing request handlers and working with HTTPRequest and HTTPResponse
• Configuration - Reading settings from env vars, system properties, and files
• Request Bodies - BodyHandler, BodySupplier, and the built-in JSON supplier
• Middleware - The pipeline, ordering, and writing your own
• Templates - Rendering JTE templates to the response
• Cookies - Reading, writing, and encrypting cookies
• Logging - The swappable logger used by the web and HTTP layers

Production Features

• Static Files - Serving assets with caching and traversal protection
• Security Headers - The SecurityHeaders middleware, CSP builder, and what each header does
• CSRF Protection - The OriginChecks middleware and SameSite cookie strategy
• Exception Handling - Rendering exceptions into HTTP responses
• OIDC Authentication - SSR, SPA, and API auth — login, refresh, logout, and role-based access

End-to-End

• Testing - The WebTest client and OIDCTestFixture harness
• Sample Application - A complete server pulling all of the above together