Skip to content

Document security defaults for newly scaffolded Strapi projects#3302

Draft
pwizla wants to merge 2 commits into
mainfrom
cms/document-security-defaults-new-projects
Draft

Document security defaults for newly scaffolded Strapi projects#3302
pwizla wants to merge 2 commits into
mainfrom
cms/document-security-defaults-new-projects

Conversation

@pwizla

@pwizla pwizla commented Jun 30, 2026

Copy link
Copy Markdown
Collaborator

This PR updates documentation based on strapi/strapi#26737.

Generated automatically by the docs self-healing workflow.
Review before merging.

@github-actions @claude
Document security defaults for newly scaffolded Strapi projects
1ec33ce 
Apps created with create-strapi-app now ship with strictParams enabled
for both REST and Document Service, refresh-token JWT with httpOnly
sessions for Users & Permissions, upload allowedTypes/deniedTypes,
webhooks.populateRelations disabled, and a random JWT_SECRET in .env.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@pwizla pwizla added the auto-doc-healing Automatically generated documentation PR label Jun 30, 2026
@pwizla pwizla self-assigned this Jun 30, 2026
@strapi-cla

strapi-cla commented Jun 30, 2026
edited
Loading

Copy link
Copy Markdown

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you all sign our Contributor License Agreement before we can accept your contribution.
1 out of 2 committers have signed the CLA.

✅ pwizla
❌ github-actions[bot]
You have signed the CLA already but the status is still pending? Let us recheck it.

@vercel

vercel Bot commented Jun 30, 2026
edited
Loading

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
documentation Ready Ready Preview, Comment Jun 30, 2026 3:39pm

Request Review

@github-actions github-actions Bot added pr: updated content PRs updating existing documentation content source: CMS internal PRs created by the Strapi core team labels Jun 30, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@pwizla pwizla

Labels

auto-doc-healing Automatically generated documentation PR internal PRs created by the Strapi core team pr: updated content PRs updating existing documentation content source: CMS

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@pwizla @strapi-cla