Tags: python, python-3.x, deployment, server, sanic

Using Sanic's inbuilt webserver in Production


Django documentation states regarding their development server:

Don’t use this server in anything resembling a production environment. It’s intended only for use while developing. (We’re in the business of making Web frameworks, not Web servers.)

Sanic's deployment documentation does not say that we cannot use its built-in server in production. It states:

Deploying Sanic is very simple using one of three options: the inbuilt webserver, an ASGI webserver, or gunicorn. It is also very common to place Sanic behind a reverse proxy, like nginx.

For me it means freedom from Apache. It also means that Nginx, Gunicorn, Daphne, Uvicorn, Hypercorn etc. are optional.

However, I found some negative comments regarding its built-in server in "Sanic: python web server that's written to die fast". On the other hand, their GitHub repository seems very active. Did they address the issues mentioned in the Reddit post?

Am I missing something?


Solution

Issue 1 deals with request size and timeout settings that allow for DoS attacks by flooding the server with too much data. These settings can be adjusted by the admin, according to the server hardware and the requirements of the site being run. That being said, the defaults probably should be lower than they are, to make such attacks on unconfigured servers more difficult.

Issue 2 claims that there is no backpressure handling in streaming responses. The current version does have flow control and thus gets proper backpressure control, avoiding such issues. Since this was quite badly overlooked in Python's asyncio protocol design, a lot of applications had such problems in the past, presumably also including Sanic at the time the blog was written.

As it is now, the Sanic server can certainly run directly on the Internet, and that is in fact much safer against DoS than running Django behind nginx or Apache, where any long-lasting POST request blocks an entire Django worker.
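The request size and timeout settings from Issue 1 can be checked before deployment. The following is an added example, not part of the original answer or Sanic's own code: a small audit of those settings against a site policy. The setting names are Sanic config keys; the default values, the policy numbers and the hardened values are assumptions constructed for illustration.

```python
# Added example, not Sanic's own code. The setting names are Sanic config keys;
# the default values are assumptions taken from Sanic's documentation, so check
# them against the version you deploy.
ASSUMED_DEFAULTS = {
    "REQUEST_MAX_SIZE": 100_000_000,  # bytes accepted per request
    "REQUEST_TIMEOUT": 60,            # seconds allowed for a request to arrive
    "RESPONSE_TIMEOUT": 60,           # seconds allowed for the handler to respond
}

# Constructed site policy (hypothetical numbers; size them to your hardware).
POLICY = {"max_body": 2_000_000, "max_timeout": 30,
          "connections": 500, "ram_budget": 1 << 30}

# Constructed hardened settings; apply with app.config.update(HARDENED).
HARDENED = {"REQUEST_MAX_SIZE": 1_000_000, "REQUEST_TIMEOUT": 10,
            "RESPONSE_TIMEOUT": 30}


def audit(settings, policy=POLICY):
    """Return (key, message) findings for settings that leave room for flooding."""
    effective = {**ASSUMED_DEFAULTS, **settings}
    findings = []
    for key in ASSUMED_DEFAULTS:
        if key not in settings:
            findings.append((key, f"not set, default {effective[key]} applies"))
    if effective["REQUEST_MAX_SIZE"] > policy["max_body"]:
        findings.append(("REQUEST_MAX_SIZE", f"exceeds {policy['max_body']} bytes"))
    for key in ("REQUEST_TIMEOUT", "RESPONSE_TIMEOUT"):
        if effective[key] > policy["max_timeout"]:
            findings.append((key, f"exceeds {policy['max_timeout']} s"))
    # Assumption: a non-streaming handler buffers the whole body in memory, so
    # every open connection can pin up to REQUEST_MAX_SIZE bytes.
    worst = effective["REQUEST_MAX_SIZE"] * policy["connections"]
    if worst > policy["ram_budget"]:
        findings.append(("REQUEST_MAX_SIZE",
                         f"{worst} bytes worst case exceeds RAM budget"))
    return findings


if __name__ == "__main__":
    for name, cfg in (("unconfigured", {}), ("hardened", HARDENED)):
        print(name, audit(cfg) or "ok")
```

An empty findings list means the settings fit the policy; an unconfigured server is reported for every unset key as well as for each limit the assumed defaults exceed.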