The Write API plugin has been merged into core NodeBB and given the prefix /v3. The pre-existing write-api plugin should still work with NodeBB v1.15.x (and /v2 will be entering maintenance), but development will continue on /v3Breaking and Non-Breaking changes Not Breaking POST /api/v1/users | admin.user.createUser The POST route will now return a complete user object (a call to User.getUserData is made with the new uid) Not Breaking PUT /api/v1/users/:uid | SocketUser.changeUsernameEmail | SocketUser.updateProfile The PUT route will now return a complete user object (like above) Breaking DELETE /api/v1/users | DELETE /api/v1/users/:uid | admin.user.deleteUserAndContent The new DELETE route will now not return anything in response Breaking PUT /api/v1/categories/:cid | admin.categories.update The new PUT route will return the updated category object, instead of simply the cid that was updated Breaking POST /api/v1/groups | admin.groups.create The POST route will now return a complete group object (a call to Groups.getGroupData is made with the new group name) ownerUid, previously returned, will now no longer be present in the response Breaking PUT/DELETE /api/v1/groups/:slug/membership Updated to be PUT/DELETE /api/v1/groups/:slug/membership/:uid, to better conform with RESTful API design (it takes uid as a route param now) Admin-only Write API routes for group addition/removal have been merged into this one route Not Breaking POST /api/v1/topics/:tid | posts.reply The POST route will now return a complete post summary object instead of a smaller subset as before Not Breaking PUT /api/v1/posts/:pid The PUT route will now return a complete post summary object instead of a smaller subset as before Breaking api/v1/categories/:cid/privileges route has been removed in favour of api/v3/users/:uid/privileges and api/v3/groups/:name/privileges Breaking api/v1/categories/:cid/state removed as category disabled state is slated for removal in a future version of NodeBB Breaking api/v2/util/maintenance is renamed api/v3/admin/settings and now allows modification of all ACP settings Breaking api/v2/util/upload is renamed api/v3/files/upload
Helmet - Express Middleware
mootzville last edited by
Found a nice article on a module I hadn't seen before called Helmet. It's an express middleware that makes adding content security policy to your express app pretty straightforward. Thought I'd put it up here and suggest looking into adding it to the nodebb core.
Yes, we fully intend on utilising this with nodebb, assuming the overhead is minimal.