From 1bfd1f1a2ade1c5bb9056906be26b179e9487d82 Mon Sep 17 00:00:00 2001 From: Erik-Jan Westendorp Date: Wed, 24 Jan 2024 15:26:29 +0100 Subject: [PATCH 1/3] Remove 'just' --- 13/umbraco-forms/developer/ajaxforms.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/13/umbraco-forms/developer/ajaxforms.md b/13/umbraco-forms/developer/ajaxforms.md index ba284600f53..4bb0256abb2 100644 --- a/13/umbraco-forms/developer/ajaxforms.md +++ b/13/umbraco-forms/developer/ajaxforms.md @@ -538,7 +538,7 @@ Examples demonstrating how to handle a file upload and use reCAPTCHA fields are The [Content Delivery API](https://docs.umbraco.com/umbraco-cms/v/12.latest/reference/content-delivery-api) provides headless capabilities within Umbraco by allowing you to retrieve content in JSON format. -When retrieving content that contains an Umbraco Forms form picker, the output by default will consist of just the ID of the selected form: +When retrieving content that contains an Umbraco Forms form picker, the output by default will consist of the ID of the selected form: ```json { From 8f8aa6a165d182cbfed5bbee7befd2d500770e3e Mon Sep 17 00:00:00 2001 From: Erik-Jan Westendorp Date: Wed, 24 Jan 2024 15:28:01 +0100 Subject: [PATCH 2/3] Remove 'easily' --- 13/umbraco-forms/developer/ajaxforms.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/13/umbraco-forms/developer/ajaxforms.md b/13/umbraco-forms/developer/ajaxforms.md index 4bb0256abb2..35d31b96c35 100644 --- a/13/umbraco-forms/developer/ajaxforms.md +++ b/13/umbraco-forms/developer/ajaxforms.md @@ -524,7 +524,7 @@ Firstly, with server-to-server integrations you will want to disable the antifor This is done by setting the `Umbraco:Forms:Security:EnableAntiForgeryTokenForFormsApi` configuration key to a value of `false`. -You should then configure an API key `Umbraco:Forms:Security:FormsApiKey`. This can be any string value, but shouldn't be easily guessable by a brute force attack. +You should then configure an API key `Umbraco:Forms:Security:FormsApiKey`. This can be any string value, but it should be complex enough to resist being guessed by a brute force attack. With this in place any request to the Forms API will be rejected unless the configured value is provided in an HTTP header named `Api-Key`. From 4e37288a2490324b9c764aa1fcc29c64e09cd047 Mon Sep 17 00:00:00 2001 From: Erik-Jan Westendorp Date: Fri, 26 Jan 2024 15:37:27 +0100 Subject: [PATCH 3/3] Update v12 --- 12/umbraco-forms/developer/ajaxforms.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/12/umbraco-forms/developer/ajaxforms.md b/12/umbraco-forms/developer/ajaxforms.md index ba284600f53..d38386540d1 100644 --- a/12/umbraco-forms/developer/ajaxforms.md +++ b/12/umbraco-forms/developer/ajaxforms.md @@ -524,7 +524,7 @@ Firstly, with server-to-server integrations you will want to disable the antifor This is done by setting the `Umbraco:Forms:Security:EnableAntiForgeryTokenForFormsApi` configuration key to a value of `false`. -You should then configure an API key `Umbraco:Forms:Security:FormsApiKey`. This can be any string value, but shouldn't be easily guessable by a brute force attack. +You should then configure an API key `Umbraco:Forms:Security:FormsApiKey`. This can be any string value, but it should be complex enough to resist being guessed by a brute force attack. With this in place any request to the Forms API will be rejected unless the configured value is provided in an HTTP header named `Api-Key`. @@ -538,7 +538,7 @@ Examples demonstrating how to handle a file upload and use reCAPTCHA fields are The [Content Delivery API](https://docs.umbraco.com/umbraco-cms/v/12.latest/reference/content-delivery-api) provides headless capabilities within Umbraco by allowing you to retrieve content in JSON format. -When retrieving content that contains an Umbraco Forms form picker, the output by default will consist of just the ID of the selected form: +When retrieving content that contains an Umbraco Forms form picker, the output by default will consist of the ID of the selected form: ```json {