From 00086965e7109dfac8f01f38fc05e24ccf9863ad Mon Sep 17 00:00:00 2001
From: GitHub Actions
Date: Thu, 20 Nov 2025 12:09:48 +0000
Subject: [PATCH 01/10] docs(backend): correct TypeScript code fences in TS tabs (controllers, services, middlewares, routes)
---
 docusaurus/docs/cms/backend-customization/controllers.md | 2 +-
 docusaurus/docs/cms/backend-customization/middlewares.md | 2 +-
 docusaurus/docs/cms/backend-customization/routes.md | 4 ++--
 docusaurus/docs/cms/backend-customization/services.md | 4 ++--
 4 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/docusaurus/docs/cms/backend-customization/controllers.md b/docusaurus/docs/cms/backend-customization/controllers.md
index 75dc481553..67d0b72ca2 100644
--- a/docusaurus/docs/cms/backend-customization/controllers.md
+++ b/docusaurus/docs/cms/backend-customization/controllers.md
@@ -95,7 +95,7 @@ module.exports = createCoreController('api::restaurant.restaurant', ({ strapi })
-```js title="./src/api/restaurant/controllers/restaurant.ts"
+```ts title="./src/api/restaurant/controllers/restaurant.ts"
 import { factories } from '@strapi/strapi';
diff --git a/docusaurus/docs/cms/backend-customization/middlewares.md b/docusaurus/docs/cms/backend-customization/middlewares.md
index 57e930bdbd..f47ee9f6e7 100644
--- a/docusaurus/docs/cms/backend-customization/middlewares.md
+++ b/docusaurus/docs/cms/backend-customization/middlewares.md
@@ -108,7 +108,7 @@ module.exports = () => {
-```js title="/config/middlewares.ts"
+```ts title="/config/middlewares.ts"
 export default () => {
 return async (ctx, next) => {
diff --git a/docusaurus/docs/cms/backend-customization/routes.md b/docusaurus/docs/cms/backend-customization/routes.md
index ef5747a454..54a5ce2d46 100644
--- a/docusaurus/docs/cms/backend-customization/routes.md
+++ b/docusaurus/docs/cms/backend-customization/routes.md
@@ -97,7 +97,7 @@ module.exports = createCoreRouter('api::restaurant.restaurant', {
-```js title="./src/api/[apiName]/routes/[routerName].ts (e.g './src/api/restaurant/routes/restaurant.ts')"
+```ts title="./src/api/[apiName]/routes/[routerName].ts (e.g './src/api/restaurant/routes/restaurant.ts')"
 import { factories } from '@strapi/strapi';
@@ -149,7 +149,7 @@ module.exports = createCoreRouter('api::restaurant.restaurant', {
-```js title="./src/api/restaurant/routes/restaurant.ts"
+```ts title="./src/api/restaurant/routes/restaurant.ts"
 import { factories } from '@strapi/strapi';
diff --git a/docusaurus/docs/cms/backend-customization/services.md b/docusaurus/docs/cms/backend-customization/services.md
index 86c5e7442d..ff0c26cc3b 100644
--- a/docusaurus/docs/cms/backend-customization/services.md
+++ b/docusaurus/docs/cms/backend-customization/services.md
@@ -83,7 +83,7 @@ module.exports = createCoreService('api::restaurant.restaurant', ({ strapi }) =>
-```js title="./src/api/restaurant/services/restaurant.ts"
+```ts title="./src/api/restaurant/services/restaurant.ts"
 import { factories } from '@strapi/strapi';
@@ -171,7 +171,7 @@ module.exports = createCoreService('api::restaurant.restaurant', ({ strapi }) =>
-```js title="./src/api/restaurant/services/restaurant.ts"
+```ts title="./src/api/restaurant/services/restaurant.ts"
 import { factories } from '@strapi/strapi';
From 49a15fb84c95c9166c39a7c5d79725c485df8f55 Mon Sep 17 00:00:00 2001
From: GitHub Actions
Date: Thu, 20 Nov 2025 12:09:54 +0000
Subject: [PATCH 02/10] docs(bundlers): clarify webpack config example rename and JS/TS filenames
---
 .../docs/cms/admin-panel-customization/bundlers.md | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/docusaurus/docs/cms/admin-panel-customization/bundlers.md b/docusaurus/docs/cms/admin-panel-customization/bundlers.md
index 81b485a2db..25ebf19dc1 100644
--- a/docusaurus/docs/cms/admin-panel-customization/bundlers.md
+++ b/docusaurus/docs/cms/admin-panel-customization/bundlers.md
@@ -80,10 +80,15 @@ strapi develop --bundler=webpack
 ```
 :::prerequisites
-Make sure to rename the default `webpack.config.example.js` file into `webpack.config.` before customizing webpack.
+If you plan to customize webpack, start from the example file in your project root. Rename:
+
+- `webpack.config.example.js` → `webpack.config.js` (JavaScript)
+- or `webpack.config.example.ts` → `webpack.config.ts` (TypeScript)
+
+Strapi will pick up `webpack.config.js` or `webpack.config.ts` automatically when you run `strapi develop --bundler=webpack`.
 :::
-In order to extend the usage of webpack v5, define a function that extends its configuration inside `/src/admin/webpack.config.`:
+To extend webpack v5, define a function that returns a modified config in `/src/admin/webpack.config.js` or `/src/admin/webpack.config.ts`:
@@ -118,4 +123,3 @@ export default (config, webpack) => {
-
From 9502ba1c65eca433a9d6c53277dd9ba2a4d93e03 Mon Sep 17 00:00:00 2001
From: GitHub Actions
Date: Thu, 20 Nov 2025 12:10:01 +0000
Subject: [PATCH 03/10] docs(routes): add guidance to prefer fully-qualified handler names in custom routers
---
 docusaurus/docs/cms/backend-customization/routes.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docusaurus/docs/cms/backend-customization/routes.md b/docusaurus/docs/cms/backend-customization/routes.md
index 54a5ce2d46..f5920ea584 100644
--- a/docusaurus/docs/cms/backend-customization/routes.md
+++ b/docusaurus/docs/cms/backend-customization/routes.md
@@ -168,7 +168,7 @@ export default factories.createCoreRouter('api::restaurant.restaurant', {
-This only allows a `GET` request on the `/restaurants` path from the core `find` [controller](/cms/backend-customization/controllers) without authentication.
+This only allows a `GET` request on the `/restaurants` path from the core `find` [controller](/cms/backend-customization/controllers) without authentication. When you reference custom controller actions in custom routers, prefer the fully‑qualified `api::..` form for clarity (e.g., `api::restaurant.restaurant.review`).
 ### Creating custom routers
From 8ad2c1fe6c05f370596a10122889ab4d01cc5b65 Mon Sep 17 00:00:00 2001
From: GitHub Actions
Date: Thu, 20 Nov 2025 12:10:17 +0000
Subject: [PATCH 04/10] docs(api-tokens): add concise security tip (least privilege, rotation, secrets manager)
---
 docusaurus/docs/cms/features/api-tokens.md | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/docusaurus/docs/cms/features/api-tokens.md b/docusaurus/docs/cms/features/api-tokens.md
index 7f63b377c9..08ff86b2d7 100644
--- a/docusaurus/docs/cms/features/api-tokens.md
+++ b/docusaurus/docs/cms/features/api-tokens.md
@@ -19,6 +19,10 @@ API tokens provide scoped authentication for REST and GraphQL requests without e
 API tokens allow users to authenticate REST and GraphQL API queries (see [APIs introduction](/cms/api/content-api)).
+:::tip Security
+Prefer read‑only tokens for public access, scope server tokens to only what you need, rotate long‑lived tokens, and store them in a secrets manager. Never expose admin tokens in client‑side code.
+:::
+
 Free feature
From aff6accbb9153c28aad5b85b867515f40dac4687 Mon Sep 17 00:00:00 2001
From: GitHub Actions
Date: Thu, 20 Nov 2025 12:11:05 +0000
Subject: [PATCH 05/10] docs(controllers): add caution about validateQuery/sanitizeQuery/sanitizeOutput when overriding actions
---
 docusaurus/docs/cms/backend-customization/controllers.md | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/docusaurus/docs/cms/backend-customization/controllers.md b/docusaurus/docs/cms/backend-customization/controllers.md
index 67d0b72ca2..0cc69e6cf4 100644
--- a/docusaurus/docs/cms/backend-customization/controllers.md
+++ b/docusaurus/docs/cms/backend-customization/controllers.md
@@ -29,6 +29,10 @@ In most cases, the controllers will contain the bulk of a project's business log
The diagram represents a simplified version of how a request travels through the Strapi back end, with controllers highlighted. The backend customization introduction page includes a complete, interactive diagram.
+:::caution Sanitize inputs and outputs
+When overriding core actions, always validate and sanitize queries and responses to avoid leaking private fields or bypassing access rules. Use `validateQuery` (optional), `sanitizeQuery` (recommended), and `sanitizeOutput` before returning data from custom actions. See the example below for a safe `find` override.
+:::
+
 ## Implementation
 Controllers can be [generated or added manually](#adding-a-new-controller). Strapi provides a `createCoreController` factory function that automatically generates core controllers and allows building custom ones or [extend or replace the generated controllers](#extending-core-controllers).
From afa94175752aab4cf57eae7a8b9f7713b898d824 Mon Sep 17 00:00:00 2001
From: GitHub Actions
Date: Thu, 20 Nov 2025 12:11:24 +0000
Subject: [PATCH 06/10] docs(policies): clarify scoped policy folders and fix example path
---
 docusaurus/docs/cms/backend-customization/policies.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/docusaurus/docs/cms/backend-customization/policies.md b/docusaurus/docs/cms/backend-customization/policies.md
index 251ec3902d..6a1adf2451 100644
--- a/docusaurus/docs/cms/backend-customization/policies.md
+++ b/docusaurus/docs/cms/backend-customization/policies.md
@@ -24,7 +24,7 @@ Policies are functions that execute specific logic on each request before it rea
 Each [route](/cms/backend-customization/routes) of a Strapi project can be associated to an array of policies. For example, a policy named `is-admin` could check that the request is sent by an admin user, and restrict access to critical routes.
-Policies can be global or scoped. [Global policies](#global-policies) can be associated to any route in the project. Scoped policies only apply to a specific [API](#api-policies) or [plugin](#plugin-policies).
+Policies can be global or scoped. [Global policies](#global-policies) can be associated to any route in the project. Scoped policies only apply to a specific [API](#api-policies) or [plugin](#plugin-policies) and should live under the corresponding `./src/api//policies/` or `./src/plugins//policies/` folder.
Simplified Strapi backend diagram with routes and policies highlighted @@ -89,7 +89,7 @@ Policies can be configured using a `config` object: -```js title=".src/api/[api-name]/policies/my-policy.js" +```js title="./src/api/[api-name]/policies/my-policy.js" module.exports = (policyContext, config, { strapi }) => { if (policyContext.state.user.role.code === config.role) { // if user's role is the same as the one described in configuration From 1badc7393efe2efc3ea14e8ef0ba6d0672f8ee3b Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Thu, 20 Nov 2025 12:11:31 +0000 Subject: [PATCH 07/10] docs(webhooks): add signature verification tip and fix TS config path --- docusaurus/docs/cms/backend-customization/webhooks.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/docusaurus/docs/cms/backend-customization/webhooks.md b/docusaurus/docs/cms/backend-customization/webhooks.md index c40e959340..410c0e233b 100644 --- a/docusaurus/docs/cms/backend-customization/webhooks.md +++ b/docusaurus/docs/cms/backend-customization/webhooks.md @@ -73,6 +73,7 @@ export default { Most of the time, webhooks make requests to public URLs, therefore it is possible that someone may find that URL and send it wrong information. To prevent this from happening you can send a header with an authentication token. Using the Admin panel you would have to do it for every webhook. +Consider signing webhook payloads and verifying signatures server‑side to prevent replay attacks. Another way is to define `defaultHeaders` to add to every webhook request. You can configure these global headers by updating the file at `./config/server`: @@ -98,7 +99,7 @@ module.exports = { -```js title="./config.server.ts" +```js title="./config/server.ts" export default { webhooks: { defaultHeaders: { 
@@ -514,4 +515,4 @@ The event is triggered when a [release](/cms/features/releases) is published.
 :::tip
 If you want to learn more about how to use webhooks with Next.js, please have a look at the [dedicated blog article](https://strapi.io/blog/how-to-create-an-ssg-static-site-generation-application-with-strapi-webhooks-and-nextjs).
-:::
\ No newline at end of file
+:::
From 8406c4f159b685aaf9eaa1f3f4ed19c4d0058f41 Mon Sep 17 00:00:00 2001
From: GitHub Actions
Date: Thu, 20 Nov 2025 12:11:37 +0000
Subject: [PATCH 08/10] docs(theme-extension): add minimal TS example for theme.light and theme.dark overrides
---
 .../theme-extension.md | 22 +++++++++++++++++++
 1 file changed, 22 insertions(+)
diff --git a/docusaurus/docs/cms/admin-panel-customization/theme-extension.md b/docusaurus/docs/cms/admin-panel-customization/theme-extension.md
index 67593b76c0..d6ca1648b0 100644
--- a/docusaurus/docs/cms/admin-panel-customization/theme-extension.md
+++ b/docusaurus/docs/cms/admin-panel-customization/theme-extension.md
@@ -21,3 +21,25 @@ To extend the theme, use either:
 :::strapi Strapi Design System
 The default defines various theme-related keys (shadows, colors…) that can be updated through the `config.theme.light` and `config.theme.dark` keys in `./admin/src/app.js`. The is fully customizable and has a dedicated documentation.
 :::
+
+### Example (TypeScript)
+
+```ts title="/src/admin/app.ts"
+export default {
+ config: {
+ theme: {
+ light: {
+ colors: {
+ primary600: '#4A6EFF',
+ },
+ },
+ dark: {
+ colors: {
+ primary600: '#9DB2FF',
+ },
+ },
+ },
+ },
+ bootstrap() {},
+}
+```
From 9162e3e38ebd1d324b5fd764a57826b592555d69 Mon Sep 17 00:00:00 2001
From: GitHub Actions
Date: Thu, 20 Nov 2025 12:11:44 +0000
Subject: [PATCH 09/10] docs(wysiwyg): add next steps tip (plugin first, custom field for deeper integration)
---
 .../docs/cms/admin-panel-customization/wysiwyg-editor.md | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/docusaurus/docs/cms/admin-panel-customization/wysiwyg-editor.md b/docusaurus/docs/cms/admin-panel-customization/wysiwyg-editor.md
index e427877b4b..b9fe3a77e6 100644
--- a/docusaurus/docs/cms/admin-panel-customization/wysiwyg-editor.md
+++ b/docusaurus/docs/cms/admin-panel-customization/wysiwyg-editor.md
@@ -15,3 +15,7 @@ Strapi's [admin panel](/cms/admin-panel-customization) comes with a built-in ric
 - You can install a third-party plugin, such as one for CKEditor, by visiting .
 - You can create your own plugin to create and register a fully custom WYSIWYG field (see [custom fields documentation](/cms/features/custom-fields)).
+
+:::tip Next steps
+When evaluating editors, start with a plugin from the Marketplace for a quick trial, then consider a custom field if you need deeper integration (schema, validation, or custom toolbar behavior).
+:::
From 05ee576af345e5dc864efaa889413db4fb197370 Mon Sep 17 00:00:00 2001
From: GitHub Actions
Date: Thu, 20 Nov 2025 16:31:28 +0000
Subject: [PATCH 10/10] Limit PR scope based on title; keep only intended doc(s); revert unrelated files
---
 .../cms/admin-panel-customization/bundlers.md | 10 +++------
 .../theme-extension.md | 22 -------------------
 .../cms/backend-customization/controllers.md | 6 +----
 .../cms/backend-customization/middlewares.md | 2 +-
 .../cms/backend-customization/policies.md | 4 ++--
 .../docs/cms/backend-customization/routes.md | 6 ++---
 .../cms/backend-customization/services.md | 4 ++--
 .../cms/backend-customization/webhooks.md | 5 ++---
 docusaurus/docs/cms/features/api-tokens.md | 4 ----
 9 files changed, 14 insertions(+), 49 deletions(-)
diff --git a/docusaurus/docs/cms/admin-panel-customization/bundlers.md b/docusaurus/docs/cms/admin-panel-customization/bundlers.md
index 25ebf19dc1..81b485a2db 100644
--- a/docusaurus/docs/cms/admin-panel-customization/bundlers.md
+++ b/docusaurus/docs/cms/admin-panel-customization/bundlers.md
@@ -80,15 +80,10 @@ strapi develop --bundler=webpack
 ```
 :::prerequisites
-If you plan to customize webpack, start from the example file in your project root. Rename:
-
-- `webpack.config.example.js` → `webpack.config.js` (JavaScript)
-- or `webpack.config.example.ts` → `webpack.config.ts` (TypeScript)
-
-Strapi will pick up `webpack.config.js` or `webpack.config.ts` automatically when you run `strapi develop --bundler=webpack`.
+Make sure to rename the default `webpack.config.example.js` file into `webpack.config.` before customizing webpack.
 :::
-To extend webpack v5, define a function that returns a modified config in `/src/admin/webpack.config.js` or `/src/admin/webpack.config.ts`:
+In order to extend the usage of webpack v5, define a function that extends its configuration inside `/src/admin/webpack.config.`:
@@ -118,3 +118,4 @@ export default (config, webpack) => {
+
diff --git a/docusaurus/docs/cms/admin-panel-customization/theme-extension.md b/docusaurus/docs/cms/admin-panel-customization/theme-extension.md
index d6ca1648b0..67593b76c0 100644
--- a/docusaurus/docs/cms/admin-panel-customization/theme-extension.md
+++ b/docusaurus/docs/cms/admin-panel-customization/theme-extension.md
@@ -21,25 +21,3 @@ To extend the theme, use either:
 :::strapi Strapi Design System
 The default defines various theme-related keys (shadows, colors…) that can be updated through the `config.theme.light` and `config.theme.dark` keys in `./admin/src/app.js`. The is fully customizable and has a dedicated documentation.
 :::
-
-### Example (TypeScript)
-
-```ts title="/src/admin/app.ts"
-export default {
- config: {
- theme: {
- light: {
- colors: {
- primary600: '#4A6EFF',
- },
- },
- dark: {
- colors: {
- primary600: '#9DB2FF',
- },
- },
- },
- },
- bootstrap() {},
-}
-```
diff --git a/docusaurus/docs/cms/backend-customization/controllers.md b/docusaurus/docs/cms/backend-customization/controllers.md
index 0cc69e6cf4..75dc481553 100644
--- a/docusaurus/docs/cms/backend-customization/controllers.md
+++ b/docusaurus/docs/cms/backend-customization/controllers.md
@@ -29,10 +29,6 @@ In most cases, the controllers will contain the bulk of a project's business log
The diagram represents a simplified version of how a request travels through the Strapi back end, with controllers highlighted. The backend customization introduction page includes a complete, interactive diagram.
-:::caution Sanitize inputs and outputs
-When overriding core actions, always validate and sanitize queries and responses to avoid leaking private fields or bypassing access rules. Use `validateQuery` (optional), `sanitizeQuery` (recommended), and `sanitizeOutput` before returning data from custom actions. See the example below for a safe `find` override.
-:::
-
 ## Implementation
 Controllers can be [generated or added manually](#adding-a-new-controller). Strapi provides a `createCoreController` factory function that automatically generates core controllers and allows building custom ones or [extend or replace the generated controllers](#extending-core-controllers).
@@ -99,7 +95,7 @@ module.exports = createCoreController('api::restaurant.restaurant', ({ strapi })
-```ts title="./src/api/restaurant/controllers/restaurant.ts"
+```js title="./src/api/restaurant/controllers/restaurant.ts"
 import { factories } from '@strapi/strapi';
diff --git a/docusaurus/docs/cms/backend-customization/middlewares.md b/docusaurus/docs/cms/backend-customization/middlewares.md
index f47ee9f6e7..57e930bdbd 100644
--- a/docusaurus/docs/cms/backend-customization/middlewares.md
+++ b/docusaurus/docs/cms/backend-customization/middlewares.md
@@ -108,7 +108,7 @@ module.exports = () => {
-```ts title="/config/middlewares.ts"
+```js title="/config/middlewares.ts"
 export default () => {
 return async (ctx, next) => {
diff --git a/docusaurus/docs/cms/backend-customization/policies.md b/docusaurus/docs/cms/backend-customization/policies.md
index 6a1adf2451..251ec3902d 100644
--- a/docusaurus/docs/cms/backend-customization/policies.md
+++ b/docusaurus/docs/cms/backend-customization/policies.md
@@ -24,7 +24,7 @@ Policies are functions that execute specific logic on each request before it rea
 Each [route](/cms/backend-customization/routes) of a Strapi project can be associated to an array of policies. For example, a policy named `is-admin` could check that the request is sent by an admin user, and restrict access to critical routes.
-Policies can be global or scoped. [Global policies](#global-policies) can be associated to any route in the project. Scoped policies only apply to a specific [API](#api-policies) or [plugin](#plugin-policies) and should live under the corresponding `./src/api//policies/` or `./src/plugins//policies/` folder.
+Policies can be global or scoped. [Global policies](#global-policies) can be associated to any route in the project. Scoped policies only apply to a specific [API](#api-policies) or [plugin](#plugin-policies).
Simplified Strapi backend diagram with routes and policies highlighted
@@ -89,7 +89,7 @@ Policies can be configured using a `config` object:
-```js title="./src/api/[api-name]/policies/my-policy.js"
+```js title=".src/api/[api-name]/policies/my-policy.js"
 module.exports = (policyContext, config, { strapi }) => {
 if (policyContext.state.user.role.code === config.role) {
 // if user's role is the same as the one described in configuration
diff --git a/docusaurus/docs/cms/backend-customization/routes.md b/docusaurus/docs/cms/backend-customization/routes.md
index f5920ea584..ef5747a454 100644
--- a/docusaurus/docs/cms/backend-customization/routes.md
+++ b/docusaurus/docs/cms/backend-customization/routes.md
@@ -97,7 +97,7 @@ module.exports = createCoreRouter('api::restaurant.restaurant', {
-```ts title="./src/api/[apiName]/routes/[routerName].ts (e.g './src/api/restaurant/routes/restaurant.ts')"
+```js title="./src/api/[apiName]/routes/[routerName].ts (e.g './src/api/restaurant/routes/restaurant.ts')"
 import { factories } from '@strapi/strapi';
@@ -149,7 +149,7 @@ module.exports = createCoreRouter('api::restaurant.restaurant', {
-```ts title="./src/api/restaurant/routes/restaurant.ts"
+```js title="./src/api/restaurant/routes/restaurant.ts"
 import { factories } from '@strapi/strapi';
@@ -168,7 +168,7 @@ export default factories.createCoreRouter('api::restaurant.restaurant', {
-This only allows a `GET` request on the `/restaurants` path from the core `find` [controller](/cms/backend-customization/controllers) without authentication. When you reference custom controller actions in custom routers, prefer the fully‑qualified `api::..` form for clarity (e.g., `api::restaurant.restaurant.review`).
+This only allows a `GET` request on the `/restaurants` path from the core `find` [controller](/cms/backend-customization/controllers) without authentication.
 ### Creating custom routers
diff --git a/docusaurus/docs/cms/backend-customization/services.md b/docusaurus/docs/cms/backend-customization/services.md index ff0c26cc3b..86c5e7442d 100644 --- a/docusaurus/docs/cms/backend-customization/services.md +++ b/docusaurus/docs/cms/backend-customization/services.md @@ -83,7 +83,7 @@ module.exports = createCoreService('api::restaurant.restaurant', ({ strapi }) => -```ts title="./src/api/restaurant/services/restaurant.ts" +```js title="./src/api/restaurant/services/restaurant.ts" import { factories } from '@strapi/strapi'; @@ -171,7 +171,7 @@ module.exports = createCoreService('api::restaurant.restaurant', ({ strapi }) => -```ts title="./src/api/restaurant/services/restaurant.ts" +```js title="./src/api/restaurant/services/restaurant.ts" import { factories } from '@strapi/strapi'; diff --git a/docusaurus/docs/cms/backend-customization/webhooks.md b/docusaurus/docs/cms/backend-customization/webhooks.md index 410c0e233b..c40e959340 100644 --- a/docusaurus/docs/cms/backend-customization/webhooks.md +++ b/docusaurus/docs/cms/backend-customization/webhooks.md @@ -73,7 +73,6 @@ export default { Most of the time, webhooks make requests to public URLs, therefore it is possible that someone may find that URL and send it wrong information. To prevent this from happening you can send a header with an authentication token. Using the Admin panel you would have to do it for every webhook. -Consider signing webhook payloads and verifying signatures server‑side to prevent replay attacks. Another way is to define `defaultHeaders` to add to every webhook request. You can configure these global headers by updating the file at `./config/server`: @@ -99,7 +98,7 @@ module.exports = { -```js title="./config/server.ts" +```js title="./config.server.ts" export default { webhooks: { defaultHeaders: { 
@@ -515,4 +514,4 @@ The event is triggered when a [release](/cms/features/releases) is published.
 :::tip
 If you want to learn more about how to use webhooks with Next.js, please have a look at the [dedicated blog article](https://strapi.io/blog/how-to-create-an-ssg-static-site-generation-application-with-strapi-webhooks-and-nextjs).
-:::
+:::
\ No newline at end of file
diff --git a/docusaurus/docs/cms/features/api-tokens.md b/docusaurus/docs/cms/features/api-tokens.md
index 08ff86b2d7..7f63b377c9 100644
--- a/docusaurus/docs/cms/features/api-tokens.md
+++ b/docusaurus/docs/cms/features/api-tokens.md
@@ -19,10 +19,6 @@ API tokens provide scoped authentication for REST and GraphQL requests without e
 API tokens allow users to authenticate REST and GraphQL API queries (see [APIs introduction](/cms/api/content-api)).
-:::tip Security
-Prefer read‑only tokens for public access, scope server tokens to only what you need, rotate long‑lived tokens, and store them in a secrets manager. Never expose admin tokens in client‑side code.
-:::
-
 Free feature