Merge pull request #1375 from strapi/main

Production release: Strapi docs v4.5.5

Author: stb13579

docs/developer-docs/latest/developer-resources/cli/snippets/installation-prerequisites.md

@@ -1,5 +1,9 @@
-The installation requires the following software to be already installed on your computer:
+Before installing Strapi, the following requirements must be installed on your computer:
 
-- [Node.js](https://nodejs.org): only maintenance and LTS versions are supported (v14, v16, and v18). Other versions of Node.js may not be compatible with the latest release of Strapi. Node v18.x is recommended for Strapi v4.3.9 and above, Node v16.x for Strapi v4.0.x to v4.3.8.
-- [npm](https://docs.npmjs.com/cli/v6/commands/npm-install) (v6 only) or [yarn](https://yarnpkg.com/getting-started/install) to run the CLI installation scripts.
-- [Python](https://www.python.org/downloads/) when using a SQLite database
+- [Node.js](https://nodejs.org): Only Maintenance and LTS versions are supported (`v14`, `v16`, and `v18`).
+    - Node v18.x is recommended for Strapi `v4.3.9` and above
+    - Node v16.x is recommended for Strapi `v4.0.x` to `v4.3.8`.
+- Your preferred Node.js package manager:
+    - [npm](https://docs.npmjs.com/cli/v6/commands/npm-install) (`v6` only)
+    - [yarn](https://yarnpkg.com/getting-started/install)
+- [Python](https://www.python.org/downloads/) (if using a SQLite database)

docs/developer-docs/latest/development/backend-customization/models.md

@@ -102,8 +102,7 @@ The `info` key in the model's schema describes information used to display the m
 | `displayName`  | String | Default name to use in the admin panel                                                                                                      |
 | `singularName` | String | Singular form of the content-type name.<br>Used to generate the API routes and databases/tables collection.<br><br>Should be kebab-case. |
 | `pluralName`   | String | Plural form of the content-type name.<br>Used to generate the API routes and databases/tables collection.<br><br>Should be kebab-case.    |
-| `description`  | String | Description of the model                                                                                                                   |
-| `icon`<br><br>_Optional,_<br>_only for Components_       | String      | [FontAwesome](https://fontawesome.com/) (v5) icon name to use for the component's icon in the admin panel
+| `description`  | String | Description of the model
 
 ```json
 // ./src/api/[api-name]/content-types/restaurant/schema.json

docs/developer-docs/latest/plugins/graphql.md

@@ -891,3 +891,19 @@ mutation {
 :::
 
 Then on each request, send along an `Authorization` header in the form of `{ "Authorization": "Bearer YOUR_JWT_GOES_HERE" }`. This can be set in the HTTP Headers section of your GraphQL Playground.
+
+## API tokens
+
+To use API tokens for authentication, pass the token in the `Authorization` header using the format `Bearer your-api-token`.
+
+:::note
+Using API tokens in the the GraphQL playground requires adding the authorization header with your token in the `HTTP HEADERS` tab:
+
+```http
+{
+  "Authorization" : "Bearer <TOKEN>"
+}
+```
+
+Replace `<TOKEN>` with your API token generated in the Strapi Admin panel.
+:::

docs/developer-docs/latest/setup-deployment-guides/configurations/optional/api-tokens.md

@@ -7,7 +7,7 @@ description: Using API tokens allows executing a request on Strapi's REST API en
 
 Authentication strategies in Strapi can either be based on the use of the [Users & Permissions plugin](/user-docs/latest/users-roles-permissions/introduction-to-users-roles-permissions.md) or on the built-in API token feature.
 
-Using API tokens allows executing a request on [REST API](/developer-docs/latest/developer-resources/database-apis-reference/rest-api.md) endpoints as an authenticated user.
+Using API tokens allows executing a request on [REST API](/developer-docs/latest/developer-resources/database-apis-reference/rest-api.md) or [GraphQL API](/developer-docs/latest/developer-resources/database-apis-reference/graphql-api.md) endpoints as an authenticated user.
 
 ## Creation
 

docs/developer-docs/latest/setup-deployment-guides/configurations/optional/environment.md

@@ -18,7 +18,7 @@ Strapi provides the following environment variables:
 | `STRAPI_HIDE_STARTUP_MESSAGE`                              | Don't show the startup message in the terminal                                                                                                                                                                                                                                                             | `Boolean` | `false`         |
 | `STRAPI_TELEMETRY_DISABLED`                                | Don't send telemetry usage data to Strapi                                                                                                                                                                                                                                                                  | `Boolean` | `false`         |
 | `STRAPI_LICENSE`                                           | The license key to activate the Enterprise Edition                                                                                                                                                                                                                                                         | `String`  | `undefined`     |
-| `NODE_ENV`                                                 | Type of environment where the application is running.<br/><br/>`production` enables specific behaviors (see  [Node.js documentation](https://nodejs.dev/learn/nodejs-the-difference-between-development-and-production) for details)                                                                               | `String`  | `'development'` |
+| `NODE_ENV`                                                 | Type of environment where the application is running.<br/><br/>`production` enables specific behaviors (see  [Node.js documentation](https://nodejs.dev/en/learn/nodejs-the-difference-between-development-and-production) for details)                                                                               | `String`  | `'development'` |
 | `BROWSER`                                                  | Open the admin panel in the browser after startup                                                                                                                                                                                                                                                          | `Boolean` | `true`          |
 | `ENV_PATH`                                                 | Path to the file that contains your environment variables                                                                                                                                                                                                                                                  | `String`  | `'./.env'`      |
 | `STRAPI_PLUGIN_I18N_INIT_LOCALE_CODE` <br/><br/>_Optional_ | Initialization locale for the application, if the [Internationalization (i18n) plugin](/developer-docs/latest/plugins/i18n.md) is installed and enabled on Content-Types (see [Configuration of i18n in production environments](/developer-docs/latest/plugins/i18n.md#configuration-of-the-default-locale))      | `String`  | `'en'`          |

docs/developer-docs/latest/setup-deployment-guides/configurations/optional/sso.md

@@ -4,6 +4,7 @@ description: Strapi's SSO allows you to configure additional sign-in and sign-up
 sidebarDepth: 3
 canonicalUrl: https://docs.strapi.io/developer-docs/latest/setup-deployment-guides/configurations/optional/sso.html
 ---
+<!-- markdownlint-disable-file MD033 MD025 MD036 -->
 
 # Single Sign-On <GoldBadge link="https://strapi.io/pricing-self-hosted/" withLinkIcon />
 
@@ -43,7 +44,6 @@ module.exports = ({ env }) => ({
 });
 ```
 
-
 </code-block>
 
 <code-block title="TYPESCRIPT">
@@ -62,8 +62,6 @@ export default ({ env }) => ({
 </code-block>
 </code-group>
 
-
-
 ## Setting up provider configuration
 
 A provider's configuration is a JavaScript object built with the following properties:
@@ -83,6 +81,93 @@ The `uid` property is the unique identifier of each strategy and is generally fo
 By default, Strapi security policy does not allow loading images from external URLs, so provider logos will not show up on the [login screen](/user-docs/latest/getting-started/introduction.md#accessing-the-admin-panel) of the admin panel unless [a security exception is added](/developer-docs/latest/setup-deployment-guides/configurations/required/middlewares.md#security).
 :::
 
+::: details Example: Security exception for provider logos
+<br/>
+
+<code-group>
+<code-block title="JAVASCRIPT">
+
+```jsx
+// path: ./config/middlewares.js
+
+module.exports = [
+  // ...
+  {
+    name: 'strapi::security',
+    config: {
+      contentSecurityPolicy: {
+        useDefaults: true,
+        directives: {
+          'connect-src': ["'self'", 'https:'],
+          'img-src': [
+            "'self'",
+            'data:',
+            'blob:',
+            'dl.airtable.com',
+            'www.okta.com', // Base URL of the provider's logo
+          ],
+          'media-src': [
+            "'self'",
+            'data:',
+            'blob:',
+            'dl.airtable.com',
+            'www.okta.com', // Base URL of the provider's logo
+          ],
+          upgradeInsecureRequests: null,
+        },
+      },
+    },
+  },
+  // ...
+]
+
+```
+
+</code-block>
+
+<code-block title="TYPESCRIPT">
+
+```ts
+// path: ./config/middlewares.ts
+
+export default [
+  // ...
+  {
+    name: 'strapi::security',
+    config: {
+      contentSecurityPolicy: {
+        useDefaults: true,
+        directives: {
+          'connect-src': ["'self'", 'https:'],
+          'img-src': [
+            "'self'",
+            'data:',
+            'blob:',
+            'dl.airtable.com',
+            'www.okta.com', // Base URL of the provider's logo
+          ],
+          'media-src': [
+            "'self'",
+            'data:',
+            'blob:',
+            'dl.airtable.com',
+            'www.okta.com', // Base URL of the provider's logo
+          ],
+          upgradeInsecureRequests: null,
+        },
+      },
+    },
+  },
+  // ...
+]
+
+```
+
+</code-block>
+</code-group>
+
+:::
+
 ### The `createStrategy` Factory
 
 A passport strategy is usually built by instantiating it using 2 parameters: the configuration object, and the verify function.
@@ -269,8 +354,6 @@ yarn add passport-github2
 </code-group>
 
 ::: details Configuration example for Github:
-
-<br/>
 <code-group>
 <code-block title="JAVASCRIPT">
 
@@ -309,6 +392,7 @@ module.exports = ({ env }) => ({
 });
 
 ```
+
 </code-block>
 
 <code-block title="TYPESCRIPT">
@@ -419,12 +503,10 @@ module.exports = ({ env }) => ({
 });
 ```
 
-
 </code-block>
 
 <code-block title="TYPESCRIPT">
 
-
 ```jsx
 // path: ./config/admin.ts
 
@@ -466,7 +548,6 @@ export default ({ env }) => ({
 </code-block>
 </code-group>
 
-
 :::
 
 #### Microsoft
@@ -537,7 +618,6 @@ module.exports = ({ env }) => ({
 });
 ```
 
-
 </code-block>
 
 <code-block title="TYPESCRIPT">
@@ -587,9 +667,6 @@ export default ({ env }) => ({
 </code-block>
 </code-group>
 
-
-
-
 :::
 
 #### Keycloak (OpenID Connect)
@@ -726,6 +803,10 @@ yarn add passport-okta-oauth20
 
 </code-group>
 
+::: caution
+When setting the `OKTA_DOMAIN` environment variable, make sure to include the protocol (e.g. `https://example.okta.com`). If you do not, you will end up in a redirect loop.
+:::
+
 ::: details Configuration example for Okta:
 <br/>
 
@@ -811,7 +892,6 @@ export default ({ env }) => ({
 </code-block>
 </code-group>
 
-
 :::
 
 ## Performing advanced customization
@@ -851,7 +931,6 @@ const strategyInstance = new Strategy(configuration, ({ email, username }, done)
 });
 ```
 
-
 </code-block>
 
 <code-block title="TYPESCRIPT">
@@ -871,11 +950,9 @@ const strategyInstance = new Strategy(configuration, ({ email, username }, done)
 });
 ```
 
-
 </code-block>
 </code-group>
 
-
 ### Authentication Events
 
 The SSO feature adds a new [authentication event](/developer-docs/latest/setup-deployment-guides/configurations/required/admin-panel.md#available-options): `onSSOAutoRegistration`.
@@ -908,8 +985,6 @@ module.exports = () => ({
 });
 ```
 
-
-
 </code-block>
 
 <code-block title="TYPESCRIPT">
@@ -936,7 +1011,5 @@ export default () => ({
 });
 ```
 
-
 </code-block>
 </code-group>
-