This forum has moved, please join us on github discussions. We will keep these old posts available for reference. Thank you!

Apostrophe 2.70.1: CSRF cookie parameters, bug fixes for advisory locks on pieces, event handlers, better semantic button markup

Official Announcements
#1

  • Bug fix: when you attempt to edit a piece that someone else has open in the edit dialog box, you should receive a warning, and the option to take over or leave it alone. This worked, however the “advisory lock” was not released when closing the dialog box. So users saw superfluous warnings. The bug was related to calling $.jsonCall with the wrong order of arguments.

  • Bug fix: a user without permissions to lock a particular document could cause a process restart by attempting to lock it. No inappropriate access was granted.

  • Bug fix: the jQuery onSafe plugin now respects the return value of the event handler, allowing the use of return false; in such handlers. Thanks to Fredrik Ekelund.

  • When configuring the csrf option of apostrophe-express, you may now pass the cookie subproperty in order to pass configuration options to res.cookie, such as secure: true.

  • The Apostrophe button macro now renders a button rather than an anchor tag, except when the url option is present. Thanks to Fredrik Ekelund.