The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
PathResolverInterfaceto support optional resolver integrations (for examplejsonapi_frontend_webform)
- Docs: clarify “route” resolver responses for add-on modules
- Redirect-aware resolver responses when the Redirect module is installed (
kind: "redirect") - Optional origin JSON:API protection: require
X-Proxy-Secretfor/jsonapi/*in frontend-first mode
- Docs: clarify proxy secret behavior and resolver response types
/jsonapi/routessecret-protected routes feed (optional) for build-time/SSG route enumeration
- Secrets (proxy secret, routes feed secret, revalidation secret) are stored outside config exports by default (state), with optional
settings.phpoverrides
- Added an update hook to migrate any existing secrets out of config storage
- Docs: clarify authentication, caching, and CSRF guidance
- Docs: public starter repo is
code-wheel/jsonapi-frontend-next
- Docs: npm scope is now
@codewheel/*(was@codewheel-ai/*)
/jsonapi/resolveendpoint (path → JSON:API URL)- Hybrid headless configuration (per bundle; optional Views via
jsonapi_views) - Optional cache revalidation webhooks (frontend cache tags)
- Optional integrations:
- Next.js starter template (
jsonapi-frontend-next) - TypeScript client helpers (
@codewheel/jsonapi-frontend-client)
- Next.js starter template (
- Resolver options:
- Anonymous-only caching (configurable max-age)
- Configurable langcode fallback when
langcodeis omitted (site_defaultorcurrent)
- Respects entity access; restricted/unpublished content resolves as “not found”
- Optional origin protection via shared proxy secret (frontend-first mode)
- SSRF protection for webhook URLs
- Drupal 10 or 11