Apostrophe2 v3.14.0 Release Notes
Release Date: 2022-02-22 // about 2 years ago-
β Adds
- π» To reduce complications for those implementing caching strategies, the CSRF protection cookie now contains a simple constant string, and is not recorded in
req.session
. This is acceptable because the real purpose of the CSRF check is simply to verify that the browser has sent the cookie at all, which it will not allow a cross-origin script to do. - π As a result of the above, a session cookie is not generated and sent at all unless
req.session
is actually used or a user logs in. Again, this reduces complications for those implementing caching strategies. - π When logging out, the session cookie is now cleared in the browser. Formerly the session was destroyed on the server side only, which was sufficient for security purposes but could create caching issues.
- π Uses
express-cache-on-demand
lib to make similar and concurrent requests on pieces and pages faster. - π Frontend build errors now stop app startup in development, and SCSS and JS/Vue build warnings are visible on the terminal console for the first time.
π Fixes
- π Fixed a bug when editing a page more than once if the page has a relationship to itself, whether directly or indirectly. Widget ids were unnecessarily regenerated in this situation, causing in-context edits after the first to fail to save.
- β‘οΈ Pages no longer emit double
beforeUpdate
andbeforeSave
events. - When the home page extends
@apostrophecms/piece-page-type
, the "show page" URLs for individual pieces should not contain two slashes before the piece slug. Thanks to MartΓ Bravo for the fix. - π Fixes transitions between login page and
afterPasswordVerified
login steps. - π Frontend build errors now stop the
@apostrophecms/asset:build
task properly in production. - β
start
replaced withflex-start
to address SCSS warnings. - π Dead code removal, as a result of following up on JS/Vue build warnings.
- π» To reduce complications for those implementing caching strategies, the CSRF protection cookie now contains a simple constant string, and is not recorded in