You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: 17/umbraco-cms/fundamentals/setup/upgrading/version-specific/README.md
+12Lines changed: 12 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -174,6 +174,18 @@ The default value of the `UseHttps` configuration in [Global Settings](../../../
174
174
175
175
If you _need_ to run Umbraco without HTTPS, make sure to update `appsettings.json` accordingly.
176
176
177
+
**Authentication for the backoffice client**
178
+
179
+
Following the draft [Request for Comments (RFC) from the Internet Engineering Task Force (IETF)](https://datatracker.ietf.org/doc/html/draft-ietf-oauth-browser-based-apps), the backoffice client authentication has been changed to tighten security.
180
+
181
+
This change affects _only_ the backoffice client authentication against the Management API. API user authentication against the Management API remains unaffected, as does the Delivery API.
182
+
183
+
This change _might_ affect custom backoffice extensions that interact with the Management API. All fetch requests to the Management API must include credentials by declaring `credentials: 'include'`.
184
+
185
+
By default, backoffice extensions built using the HQ package starter template are not affected.
186
+
187
+
For more details on this update, see the following PRs: [#20779](https://github.com/umbraco/Umbraco-CMS/pull/20779) and [#20820](https://github.com/umbraco/Umbraco-CMS/pull/20820).
188
+
177
189
**Updated dependencies**
178
190
179
191
As is usual for a major upgrade, Umbraco’s dependencies have been updated to their latest compatible versions.
0 commit comments