David Glick
David Glick
@wesleybl Yeah, we can make this change for 17. In general my bias is to keep backwards compatibility if it's easy. But that does inflate the number of options over...
My understanding is that CSRF checks are not really needed for a JSON web service _as long as_ the service is adequately validating the request's Content-Type (to make sure the...
(I'm curious why plone.restapi is disabling CSRF in specific endpoints rather than doing it generally in plone.rest though. It seems like something that should be handled at a framework level.)
I can't reproduce this on the current main branch of volto
@me-kell I'm willing to review a proposal for how to fix it, and a PR to implement the fix. I won't prioritize fixing it myself, since I'm not working on...
From my perspective as a maintainer: It certainly seems like a reasonable request to have a way to get the richtext data in the raw format it is stored (especially...
@tiberiuichim I'm not sure I understand the context here. Let's focus on the specific use case. What are you trying to do with the summary serializer or change about it...
Note: This only happens when `id` is included in the POST, not when it is being created automatically from the title. I don't think we have consensus on whether it...
In the long run I think a better solution for that issue would be to give frontend routes a path like `/:register` that cannot collide with content ids. It's a...
My own opinion: I think it is best _by default_ for the API to throw an error if the client specifies an `id` and it is not available exactly as...