v2.4.0
[2.4.0] 22.5.2024
- Add separate consumer for previewing, prevent anonymous access to the GraphQL endpoint
- Add authentication to grapqhl-codegen npm operations
This release improves security by closing off the GraphQL endpoint to unauthenticated requests.
Instead, we now setup and use two separate consumer entities associated with user roles with the appropriate permissions. We will use the consumer with higher permissions only when generating previews, and the one with regular permissions for all other operations.
This impacted also the npm run graphql-codegen
operation used in development, which now will automatically get an authentication token from the Drupal backend when run.
Full Changelog: v2.3.0...v2.4.0