Craft Link List (Archive)

Introduction

Craft 3.6 RC1, securing Craft assets, PHP 8 caution, and updates-a-go-go.

Hello again. Welcome to issue 125 of Craft Link List. This issue comes to you as the Thanksgiving holiday 🦃ends in the US. That might account for a fewer number of Craft-specific links in this issue, but there are still exciting things we'll cover that a Craft developer might find interesting.

Craft 3.6 RC1 is the top story in this issue. PHP 8 is another important update happening now, but when it comes to Craft + PHP 8, proceed with caution for the time being. Sprig has recently received an update, and there's news on the Let's Encrypt API. Also look for Chris Chapman‘s post on securing assets in Craft.

Thank you to the sponsors of this issue.

Fortrabbit is a preferred hosting provider for Craft CMS, offering a modern PHP application platform tailored for Craft, with Git deployments and Composer support. Try fortrabbit today.

Freeform 3.9 includes new Update Notices that alert you to updates to Freeform features you're using, critical security warnings, and even API integration changes to keep your site humming.

Let's hit the links.

-John Morton

News

Craft 3.5.16 released

Craft 3.5.16 was released last week as the current production build of Craft. Here's what you can look forward to.

🎇 Improved WebP support means you can transform your images into the webp format
👤 Accessibility, UI, and UX improvements
🛑new Twig variable: setPasswordUrl
🐛 Bug fixes

Standing on Our Own Two Feet - Let's Encrypt - Free SSL/TLS Certificates

If you rely on Let's Encrypt to create your TLS certificates, there's a change happening soon that you need to be aware of. Here are a few excerpts from the article linked above:

Some software that hasn’t been updated since 2016 (approximately when our root was accepted to many root programs) still doesn’t trust our root certificate, ISRG Root X1. Most notably, this includes versions of Android prior to 7.1.1. That means those older versions of Android will no longer trust certificates issued by Let’s Encrypt.

Currently, 66.2% of Android devices are running version 7.1 or above. The remaining 33.8% of Android devices will eventually start getting certificate errors when users visit sites that have a Let’s Encrypt certificate.

If you're on Heroku, for example, you've probably received an email that has encouraged you to go out and buy a certificate on your own instead of relying on Let's Encrypt for now.

Xdebug - Xdebug 3.0.0 is out!

Configuration changes, massive performance improvements, and PHP 8 support are the primary features in Xdebug 3.

When you're ready for this update, be sure to check out the update guide.

Featured Sponsor

Craft CMS Hosting Partner

We like to automate ALL THE THINGS — except customer support.

Get started with a free trial today! And ask whenever you have any questions.

Tools, tips, and fundamentals

Sprig 1.1.0 adds Features & Security ⭐️

I don’t typically include updates to non-first-party content in the newsletter. Sprig is an exception to that rule because it might be "the best thing to come out of 2020."

</> htmx - high power tools for html

htmx, the library that Sprig relies on, has hit version 1. What is htmx? "htmx is a different sort of javascript library. It is an HTML & hypertext-oriented reply to the current dominance of javascript-based SPA libraries."

Apply project config on`git pull`

Git hooks “are programs you can place in a hooks directory to trigger actions at certain points in git’s execution.” If you use them on your Craft project, Jason Siffring shared a suggestion for applying your project config automatically by placing project-config/apply in your post-merge file.

Interested? You might also want to check out Husky, which promises to make Git Hooks easy.

Perfecting your technique

nystudio107 | Updating Craft CMS Without Headaches ⭐️

Updating Craft CMS to the latest version doesn’t have to cause headaches. Here’s a prescription for how to update Craft CMS without pain.

General Config Settings | Same Site Cookie Value

A security topic came up in Discord a couple of weeks ago regarding the suggestion of hardening the SameSite cookie setting in Craft. You can control that in Craft with the configuration setting mentioned in the docs at the link above. Setting it to Strict or Lax won't cause any issues as far as Craft is concerned, "but there may be implications for the front-end of your site," said Brad Bell. If you updated your sameSiteCookieValue, you'll want to read this SameSite Overview.

Securing Sensitive Craft CMS Assets with AWS Lambda ⭐️

In this article, Chris Chapman, from Clearfire, discusses how to protect uploaded Asset files from being publicly available at their Asset URLs, by using AWS Lambda. Useful for securing Asset URLs for intranets or authenticated users.

Redirect after saving an entry

Check out the Stack Exchange post for the question and answer and then read the Craft docs about the redirectInput function.

Sponsor

Catch & resolve issues sooner with the new Dashboard & Update Notices

Freeform 3.9 includes a redesigned Dashboard and a new built-in Update Notices and What's New center to display notices and warnings, giving you some peace of mind as it keeps you informed about new features and issues that only specifically affect your site. Paired with Weekly Digest email notifications, this is a powerful feature that allows you to run your site on autopilot.

Plugged In

Hop Reveal

Hop Reveal gives site editors a quick and helpful visual cue to which server they are working on -- staging, development or production -- on both front-end and back-end website pages.

Marketplace for Craft Commerce

Make your Craft ecommerce site into a Marketplace: add payees to products, charge a fee for your platform, and handle payouts automatically via Stripe Connect.

The Craft Advantage

Flexible and solid

"Stumbled upon @CraftCMS" Twitter thread

The thread concludes with this:

The fact that this CMS is able to do headless with out of the box GraphQL support and a traditional template style combined with a really nice editing experience is so good.

Yii, Twig, PHP & More

Abuse dd() and superglobals

Liam Hammett shared a dd_on function for PHP on Twitter. Basically, it's a dd-like function that you can execute multiple times and have it return on a specified iteration. If you're using Xdebug, you don't need this.

Overheard

The Grand Unification Proposal

This is not an appropriate venue to discuss replacing the entire web tech stack.

🔥🔥🔥🔥🔥🔥

Tech twitter has been increasingly overwhelming

Yes, there is too much to learn. No one can know it all. Things change fast. You're in good company.

It’s not Craft, but it’s interesting.

Show your brand logo in Gmail easily by adding a BIMI record to your DNS

The Tweet above is how I found out about BIMI records. You can read about how to create them at the MX Toolbox page on BIMI Records. The BIMI Group also has a BIMI LookUp & Generator tool, if you want an alternative to MX Toolbox.

You'll need to create the correct type of SVG logo file. On this page about SVG Conversion Tools from the BIMI Group, you'll find tools for Windows, Mac, and Illustrator.

If you're looking for a tool to help you set up the DMARC record, which is required as part of the process, visit the DMARC Analyzer tool.