Development News

Droptica: Drupal Security Modules and Best Practices for Your Website

Main Drupal Feed - Fri, 09/24/2021 - 09:09

The security of the solutions we provide is a very important factor for us. Due to this and the fact that Drupal is the safest CMS, in this article, we'll present the list of recommendations that'll take the security of your Drupal website to an even higher level.

Drupal security. Why is it good to stay up to date?

Your application is less susceptible to exploiting known vulnerabilities. That's it. But it means so much more.

As I've mentioned before – updating modules and libraries is one of the simpler methods of improving the security of our application. The Drupal community supported by the special Drupal Security Team constantly monitors the user reports on potential security bugs and offers to help the modules' authors solve them. The result of these actions are module updates that introduce security patches.

Configuration of the login panel

An incorrectly configured login panel may provide information about the existence in the database of a user using the login provided in the form. If the information that the panel returns in the case in which the attacker provided an incorrect login is different than when the login is correct, we're dealing with a brute force attack vector. This way, the attacker may obtain the logins first and then deal with brute-forcing the passwords.

Drupal modules increasing website security

Drupal has several modules that may improve security. Their configuration doesn't require extensive technical knowledge and doesn't take as much time as other methods of securing a website. We present below some tools of this type.

Drupal Password Policy

The Password Policy module allows for enforcing restrictions on the users' passwords by defining password policies. It can be defined by a set of requirements that must be met before a user password change is accepted. Every restriction has a parameter that specifies the minimum number of important conditions that must be fulfilled to meet the requirement.

Let's suppose we're limited to uppercase letters (with parameter 2), as well as limited to numbers (with parameter 4). This means that a user password must contain at least two uppercase letters and at least four numbers to be accepted.

The module also implements the "expiring password" function. The user is forced to change their password and is optionally blocked when their old password expires.

Drupal Password Policy allows administrators to force specific users or entire roles to change their password the next time they log in. The request to change the password, along with the appropriate form, appears as a popup instead of redirecting the user to the typical user/{user_id}/edit page.

Drupal Security Review

The Security Review module automates the testing of many easy-to-make mistakes that cause the website to be unsafe. This Drupal module is intuitive and very easy to use. The quickly-prepared report is legible and clearly indicates what needs to be improved. The module doesn't automatically introduce changes to your page. The results of the report should be analyzed, and – in selected cases – appropriate corrections should be made. Not all recommendations will be acceptable. It all depends on the unique factors of your website.

Drupal Security Kit

The Security Kit module provides a variety of security-enhancing options to help reduce the risk of various vulnerabilities in your application being exploited. The module reduces the likelihood of using many types of attacks, including:

  • cross-site scripting,
  • cross-site request forgery,
  • clickjacking.

The full description of the functionalities can be found in the article linked above.

Source: Drupal.org

Drupal Paranoia

The Paranoia module identifies most places where the user can execute the PHP code using the Drupal interface and then blocks them. This reduces the potential threat resulting from the attacker gaining high-level authorization in Drupal.

What does the module do?

  • Blocks the grant of the use of PHP for block visibility permission.
  • Blocks the ability to create text formats that use the PHP filter.
  • Blocks the ability to edit the user account with uid 1.
  • Blocks granting the permissions that may reduce the website security.
  • Blocks disabling this module. To disable it, you need to edit the database.

In order to take full advantage of this module, you need to identify all the entities, fields, and blocks that use the Drupal PHP filter and change them so that they work without it, and then remove the standard PHP filter available in admin/config/content/formats.

How to create a secure code in Drupal?

Drupal uses the solutions that are assumed to be secure when used according to the standards. There are many rules you need to follow when creating a secure code. We present the most important of them below.

Use Twig

The Twig engine "auto-escapes" all variables by default. This means that all the strings rendered by the Twig templates (e.g., everything between {{ }}) are automatically cleared of the elements that may compromise the security of your application.

When rendering the attributes be sure to embed them between quotation marks " or apostrophes '. For example, class=”{{foo}}”, not class={{foo}}.

Use placeholders

Translation API also cleans up strings. Use it for the strings you want to translate and later, for example, render on the frontend side.

In Drupal, there are three types of placeholders in the Translation API:

@variable

We use it when we want to substitute a string or an object of the MarkupInterface class for a placeholder.

%variable

We use it when we want to embed a value between the tags.

:variable

We use it when the value we want to substitute is the URL we want to embed in the href attribute.

You can find more about placeholders at Drupal.org.

Learn the API and use it

Drupal provides many features for cleaning up strings. Among them are:

t(), Drupal::translation()->formatPlural()

Used along with the placeholders described above, it allows for creating secure strings ready to be translated.

Html::escape()

Used to clean up plain text.

Xss::filterAdmin()

Use it when you want to clean up the text entered by an admin who should be able to use most of the HTML tags and attributes.

UrlHelper::stripDangerousProtocols(), UrlHelper::filterBadProtocol()

Useful for URL checking, can be used together with SafeMarkup::format().

The strings that have passed through the functions t(), Html::escape(), Xss::filter() or Xss::filterAdmin() are automatically considered safe, as are the strings produced by the render array from the Renderer class.

Filter text also in JavaScript

Server-side text filtering is considered to be one of the best practices. However, there are cases where filtering will also take place on the client side to provide additional temporary filtering capability. It's useful, for example, when rendering the elements that are updated as the user types the text (that is, there are changes to the DOM tree being introduced). To filter text in Drupal by using JavaScript, you should use the Drupal.checkPlain() function. This feature cleans up the text by removing the harmful elements and protects against, for example, some clickjacking attack methods.

Use an abstraction layer when working with a database

We recommend never using pure values in the queries. You should use placeholders instead.

Example:

\Database::getConnection()->query('SELECT foo FROM {table} t WHERE t.name = ‘ . $_GET['user']);

Vs

\Database::getConnection()->query('SELECT foo FROM {table} t WHERE t.name = :name', [':name' => $_GET['user']]);

In the second case, instead of using the value from the user parameter directly, we provide it as the :name placeholder substitute. This way, before putting this value in the final query, Drupal will first clean it from the elements that could cause SQL Injection.

Security audit

The process of "hardening" a site should end with a comprehensive security audit that will catch even more potential threats on your page.

A security audit should include:

Modules and libraries review. This means checking the versions of the installed Drupal modules, reviewing the patches, PHP libraries, and JavaScript.

Configuration review. As part of this activity, we carry out authorization audits for the roles, views, routing.yml files in custom modules, text formats, error logging and forms.

Repository review. We check the custom modules and themes, including routing, custom forms, SQL queries, filtering mechanisms and file permissions.

Repository contents identification. We audit the contents of the settings.php and .env files. We also conduct an audit of deeply hidden elements. It's based on checking the repository for, for example, SSL private keys or database copies or dumps.

You can find the full description of many of the elements presented in the above list in the linked articles.

Drupal security modules - summary

Depending on the level of advancement and knowledge of Drupal, you can introduce appropriate corrections to the application to make it more secure. The examples presented in this article will definitely reduce the number of attack vectors and the likelihood of using them. We recommend analyzing the available options and possibly introducing the changes or new elements that'll reduce the risk of an attack on your application. If you need help with such activities, our Drupal support team can conduct an audit of your website security.

Droptica: Drupal Security Modules and Best Practices for Your Website

Main Drupal Feed - Fri, 09/24/2021 - 09:09

The security of the solutions we provide is a very important factor for us. Due to this and the fact that Drupal is the safest CMS, in this article, we'll present the list of recommendations that'll take the security of your Drupal website to an even higher level.

Drupal security. Why is it good to stay up to date?

Your application is less susceptible to exploiting known vulnerabilities. That's it. But it means so much more.

As I've mentioned before – updating modules and libraries is one of the simpler methods of improving the security of our application. The Drupal community supported by the special Drupal Security Team constantly monitors the user reports on potential security bugs and offers to help the modules' authors solve them. The result of these actions are module updates that introduce security patches.

Configuration of the login panel

An incorrectly configured login panel may provide information about the existence in the database of a user using the login provided in the form. If the information that the panel returns in the case in which the attacker provided an incorrect login is different than when the login is correct, we're dealing with a brute force attack vector. This way, the attacker may obtain the logins first and then deal with brute-forcing the passwords.

Drupal modules increasing website security

Drupal has several modules that may improve security. Their configuration doesn't require extensive technical knowledge and doesn't take as much time as other methods of securing a website. We present below some tools of this type.

Drupal Password Policy

The Password Policy module allows for enforcing restrictions on the users' passwords by defining password policies. It can be defined by a set of requirements that must be met before a user password change is accepted. Every restriction has a parameter that specifies the minimum number of important conditions that must be fulfilled to meet the requirement.

Let's suppose we're limited to uppercase letters (with parameter 2), as well as limited to numbers (with parameter 4). This means that a user password must contain at least two uppercase letters and at least four numbers to be accepted.

The module also implements the "expiring password" function. The user is forced to change their password and is optionally blocked when their old password expires.

Drupal Password Policy allows administrators to force specific users or entire roles to change their password the next time they log in. The request to change the password, along with the appropriate form, appears as a popup instead of redirecting the user to the typical user/{user_id}/edit page.

Drupal Security Review

The Security Review module automates the testing of many easy-to-make mistakes that cause the website to be unsafe. This Drupal module is intuitive and very easy to use. The quickly-prepared report is legible and clearly indicates what needs to be improved. The module doesn't automatically introduce changes to your page. The results of the report should be analyzed, and – in selected cases – appropriate corrections should be made. Not all recommendations will be acceptable. It all depends on the unique factors of your website.

Drupal Security Kit

The Security Kit module provides a variety of security-enhancing options to help reduce the risk of various vulnerabilities in your application being exploited. The module reduces the likelihood of using many types of attacks, including:

  • cross-site scripting,
  • cross-site request forgery,
  • clickjacking.

The full description of the functionalities can be found in the article linked above.

Source: Drupal.org

Drupal Paranoia

The Paranoia module identifies most places where the user can execute the PHP code using the Drupal interface and then blocks them. This reduces the potential threat resulting from the attacker gaining high-level authorization in Drupal.

What does the module do?

  • Blocks the grant of the use of PHP for block visibility permission.
  • Blocks the ability to create text formats that use the PHP filter.
  • Blocks the ability to edit the user account with uid 1.
  • Blocks granting the permissions that may reduce the website security.
  • Blocks disabling this module. To disable it, you need to edit the database.

In order to take full advantage of this module, you need to identify all the entities, fields, and blocks that use the Drupal PHP filter and change them so that they work without it, and then remove the standard PHP filter available in admin/config/content/formats.

How to create a secure code in Drupal?

Drupal uses the solutions that are assumed to be secure when used according to the standards. There are many rules you need to follow when creating a secure code. We present the most important of them below.

Use Twig

The Twig engine "auto-escapes" all variables by default. This means that all the strings rendered by the Twig templates (e.g., everything between {{ }}) are automatically cleared of the elements that may compromise the security of your application.

When rendering the attributes be sure to embed them between quotation marks " or apostrophes '. For example, class=”{{foo}}”, not class={{foo}}.

Use placeholders

Translation API also cleans up strings. Use it for the strings you want to translate and later, for example, render on the frontend side.

In Drupal, there are three types of placeholders in the Translation API:

@variable

We use it when we want to substitute a string or an object of the MarkupInterface class for a placeholder.

%variable

We use it when we want to embed a value between the tags.

:variable

We use it when the value we want to substitute is the URL we want to embed in the href attribute.

You can find more about placeholders at Drupal.org.

Learn the API and use it

Drupal provides many features for cleaning up strings. Among them are:

t(), Drupal::translation()->formatPlural()

Used along with the placeholders described above, it allows for creating secure strings ready to be translated.

Html::escape()

Used to clean up plain text.

Xss::filterAdmin()

Use it when you want to clean up the text entered by an admin who should be able to use most of the HTML tags and attributes.

UrlHelper::stripDangerousProtocols(), UrlHelper::filterBadProtocol()

Useful for URL checking, can be used together with SafeMarkup::format().

The strings that have passed through the functions t(), Html::escape(), Xss::filter() or Xss::filterAdmin() are automatically considered safe, as are the strings produced by the render array from the Renderer class.

Filter text also in JavaScript

Server-side text filtering is considered to be one of the best practices. However, there are cases where filtering will also take place on the client side to provide additional temporary filtering capability. It's useful, for example, when rendering the elements that are updated as the user types the text (that is, there are changes to the DOM tree being introduced). To filter text in Drupal by using JavaScript, you should use the Drupal.checkPlain() function. This feature cleans up the text by removing the harmful elements and protects against, for example, some clickjacking attack methods.

Use an abstraction layer when working with a database

We recommend never using pure values in the queries. You should use placeholders instead.

Example:

\Database::getConnection()->query('SELECT foo FROM {table} t WHERE t.name = ‘ . $_GET['user']);

Vs

\Database::getConnection()->query('SELECT foo FROM {table} t WHERE t.name = :name', [':name' => $_GET['user']]);

In the second case, instead of using the value from the user parameter directly, we provide it as the :name placeholder substitute. This way, before putting this value in the final query, Drupal will first clean it from the elements that could cause SQL Injection.

Security audit

The process of "hardening" a site should end with a comprehensive security audit that will catch even more potential threats on your page.

A security audit should include:

Modules and libraries review. This means checking the versions of the installed Drupal modules, reviewing the patches, PHP libraries, and JavaScript.

Configuration review. As part of this activity, we carry out authorization audits for the roles, views, routing.yml files in custom modules, text formats, error logging and forms.

Repository review. We check the custom modules and themes, including routing, custom forms, SQL queries, filtering mechanisms and file permissions.

Repository contents identification. We audit the contents of the settings.php and .env files. We also conduct an audit of deeply hidden elements. It's based on checking the repository for, for example, SSL private keys or database copies or dumps.

You can find the full description of many of the elements presented in the above list in the linked articles.

Drupal security modules - summary

Depending on the level of advancement and knowledge of Drupal, you can introduce appropriate corrections to the application to make it more secure. The examples presented in this article will definitely reduce the number of attack vectors and the likelihood of using them. We recommend analyzing the available options and possibly introducing the changes or new elements that'll reduce the risk of an attack on your application. If you need help with such activities, our Drupal support team can conduct an audit of your website security.

PreviousNext: Overview of our Front-end Stack

Main Drupal Feed - Fri, 09/24/2021 - 02:12

Front-end technology stacks tend to move quickly. At PreviousNext, we have been constantly evolving the tech stack to take advantage of best-practice.

In this post, we take a closer look at the front-end tools we use at PreviousNext in 2021 and some of the rationale behind the decisions.

by kim.pepper / 24 September 2021

Our front-end stack consists of the following tools:

  • npm, manages all our dependencies and runs our build scripts.
  • post-css to modernise our CSS.
  • kss-node builds the styleguide.
  • stylelint and eslint lints our CSS and JS.
  • Browsersync is used for testing and CSS live reloading.
  • babel and rollup.js are used to transpile and bundle ES6 js.
NPM

Modern front-end development leverages many open-source libraries for JavaScript. To manage all this, we use npm as the package manager. There was a period where frustrations with performance led to us switching to yarn, but these issues have been resolved in more recent versions of npm, so we switched back.

We also store a number of script aliases in package.json to simplify the day to day task. This includes compiling CSS/JS and generating a styleguide. For example:

$ npm start

will automatically watch for any changes to .css or .js files, will build the CSS, styleguide, and live reload Browsersync.

KSS

KSS Node is a Node.js implementation of Knyle Style Sheets (KSS), "a documentation syntax for CSS" that's intended to have syntax readable by humans and machines.  We use KSS to generate our living styleguides.

Browsersync

We use Browsersync to speed up the feedback loop. Changes to CSS and JS are compiled and automatically sync'd with the browser, so you see changes immediately.

Maintaining coding standards

By default Linting is required for all custom CSS and JS files. This makes code reviews way easier, as we're not having to pick up on style changes, and can focus on the meaningful changes.

We use Stylelint for CSS linting, and ESLint for JavaScript linting with

SMACSS, BEM and DRY

We follow the SMACSS approach to categorisation, breaking CSS down into modular components.

We also follow the basic BEM naming pattern.

When combined with DRY (don’t repeat yourself) approach to CSS in general, this ensures the Drupal theme meets current coding standards.

We use some alternative terminology as these are used in Drupal already (e.g. blocks and modules). They map to the original as follows:

# From SMACSS module = component submodule = variant theme = variant # From BEM block = component modifier = variant CSS Structure and Categorisation

We like to compile CSS files into separate components:

# Custom variables; included in all other files. /src/_constants.css # Base styles; resets, element defaults, fonts, etc. /src/base/* # Layouts and grid systems. /src/layout/* # Form fields. /src/form/* # Components; independently styled components that can live anywhere in a layout. /src/* Testing for accessibility

We regularly run our Drupal theme through Nightwatch Axe to make sure we aren't creating any accessibility errors.

This will review the following (and more):

Mixtape

On top of all this, PreviousNext has developed it's own design system, Mixtape. This allows us to re-use common design components across the sites we develop.

Mixtape provides:

JavaScript ESM

Our JavaScript builds have evolved to leverage ES6 modules/imports and code splitting with  Rollup.

Entry points from custom profiles, modules, and themes are consumed and outputted with common chunks into site wide libraries. You can read more about our approach in our post on  Performance improvements with Drupal 8 Libraries.
 

All JavaScript uses ES6 syntax, which is transpiled using Babel. This allows us to develop using modern JavaScript while still supporting older browsers. See Using ES6 in your Drupal Components.

Summary

Front-end development is constantly evolving, but as you can see, we can keep the front-end development of Drupal sites up to date using the latest tools and techniques.

Tagged Front End Development, JavaScript, CSS

Drupal Association blog: You can become a co-maintainer of modules for Drupal 9!

Main Drupal Feed - Thu, 09/23/2021 - 20:26

Are you looking to take the next step in contributing to Drupal?

At DrupalCon Europe contribution days, 4-7 October (free to all!), one way you can get involved is by offering to co-maintain modules that still need to be updated for Drupal 9. 

You can find a list of available projects here - be sure to check the date in the issue title to ensure the project is eligible for maintainer requests! 

If an issue has already been closed - that means the maintainer has declined new maintainer help, so focus on the open issues only. 

The steps to request co-maintainership are:

  1. Comment on the issue explaining why you would like to maintain the module. 

  2. If the project is opted in to security coverage, confirm that you have previously received security coverage opt-in permission.

  3. If an existing maintainer has not commented, move the issue to the Drupal.org Project Ownership queue by editing the 'Project' field on this issue.

  4. From there, a Drupal.org Site Moderator will review the issue and grant maintainership if the requirements are met. 

Thank you for getting involved and making Drupal even better!

Promet Source: Why Open Source is Force for Good Government

Main Drupal Feed - Thu, 09/23/2021 - 17:00
Last week, one of the largest and most populous counties in the United States launched a new website that a team of us at Promet Source had the privilege to design, build, and manage the content migration from a proprietary CMS.  Seeing this beautiful multi site project through to completion was more than a labor of love. We viewed it as a rescue mission from a costly, locked-in software licensing contract and toward the flexibility and freedom of an open source, Drupal CMS. 

Acro Media: Getting started with BigCommerce for Drupal | Acro Media

Main Drupal Feed - Thu, 09/23/2021 - 14:00

Acro Media’s own Chithra K has put together this handy, step-by-step guide to integrating your BigCommerce store with the Drupal CMS.

BigCommerce for Drupal setup guide

The BigCommerce for Drupal module, created by Acro Media in partnership with BigCommerce, was released early this year and brings together two different platforms – BigCommerce, the open SaaS ecommerce platform, and Drupal, the open source content management system. The result provides a wonderful new way for retailers to implement an innovative and content-rich headless ecommerce strategy. If you use one and would like to have the capabilities of the other, the BigCommerce for Drupal module is the bridge you need. With this module, you can use Drupal as the powerful front-end CMS with BigCommerce as the easy-to-use and scalable ecommerce backend.

This post is a step-by-step guide for people who want to know how to install the BigCommerce for Drupal module and get started with both platforms. If you just want to know more about BigCommerce and Drupal together as an ecommerce solution, check out this post instead.

How this module works

Here’s a quick overview of how this all works. The BigCommerce for Drupal module integrates BigCommerce and Drupal together, but each platform is still used for different tasks.

In BigCommerce, you configure products, categories, shipping, taxes and everything else for the ecommerce side of your site. BigCommerce is also where you go to manage orders as they come in.

Drupal is then used for the website frontend and themeing. Product and category information from BigCommerce are synced to Drupal, importing them as Drupal Commerce products so that they can be displayed and used like any other Drupal-based content. Any non-commerce content is also managed within Drupal. When a customer goes to checkout, a BigCommerce checkout pane is embedded in the Drupal site to securely process payment and save customer and order information.

Setup BigCommerce and Drupal

On to the guide! Follow these steps and you’ll have your BigCommerce and Drupal store configured in no time!

Prerequisites

This guide already assumes that you have the following ready.

  1. A BigCommerce account and store created
    You will need to create a BigCommerce account with at least one product, shipping method and payment method configured in your BigCommerce store. Do this here, not in Drupal.

    NOTE: BigCommerce currently offers a 14-day trial period, so anyone can go and create and configure a store easily for free. For this demo, I signed up for that and created some random products to use for testing.

  2. A working Drupal 8 site
    You should have a Drupal 8 site with the Commerce module enabled and a default store added (via Commerce > Configuration > Store > Stores). You don’t need to do any other setup here yet or enable any of the other Commerce modules like checkout or payment. BigCommerce is going to handle all of this for you.

  3. An SSL certificate for your Drupal site
    Your Drupal website needs to have an SSL certificate active for the BigCommerce checkout form to render. This is required because it ensures security for your customers at checkout, so make sure you install one.
BigCommerce for Drupal setup guide

With the prerequisites done, here’s what you need to do to the BigCommerce for Drupal connection made.

Step 1: Create a BigCommerce API account
  1. Go to your BigCommerce store admin page and navigate to Advanced Settings > API Accounts.

  2. Click on the “Create API Account” button and select “Create V3/V2 API Token”.


    Fig: BigCommerce Store API Accounts page

  3. Provide a name (i.e. Product Sync) and select the scope for each feature (i.e. if you don’t want the ability for the Drupal admin to modify the product information, you can set the scope for “Products” as “read-only”).


    Fig: API configuration in BigCommerce

  4. Click “Save” to save your changes. Once saved, you will see a summary and a prompt to download a file. Download it and keep it safe. Once you create an API account, you can’t modify the keys (but you can always make a new one).


    Fig: BigCommerce API Credentials dialogue box
Step 2: Download and configure the BigCommerce for Drupal module
  1. Get and install the BigCommerce for Drupal module.

    TIP: This module requires a bunch of other modules to work. To get the BigCommerce for Drupal module and all of its dependencies at the same time it’s recommended to use Composer instead of manually downloading it. Running the following command within your Composer-based Drupal project will get everything you need.

    composer require drupal/bigcommerce
  2. In Drupal, navigate to the module configuration page at Commerce > Configuration > BigCommerce > BigCommerce Settings.
    1. Fill in the API Path, Client ID, Secret Key, and Access Token that you received when creating the BigCommerce API.

    2. Hit “Save”. If everything is correct, you will see a message saying “Connected Successfully”.


      Fig: BigCommerce Configuration page in Drupal site
  3. Next, we configure the Channel Settings. This will create a storefront URL for you in BigCommerce which will match the one that is generated on the Drupal side.

    1. Select “Add new channel” from the select channel list.

    2. Provide a channel name.

    3. Click the “Create new BigCommerce channel” button. You will then see a Site ID and Site URL on the setting page.


      Fig: BigCommerce configuration page in Drupal
  4. Now in the same Channel Settings area, click on the “Update BigCommerce Site URL” button. This lets you confirm that the URL generated is actually sent to BigCommerce, otherwise, the checkout form will not be loaded on your Drupal site.

    You can also confirm the channel connection from within the BigCommerce admin dashboard by visiting the Channel Manager admin page.


    Fig: Channel Manager storefront confirmation in BigCommerce
Step 3: Sync products, variations and taxonomies from BigCommerce
  1. In Drupal, navigate to the product synchronization page at Commerce > Configuration > BigCommerce > BigCommerce Product Synchronization.
  2. Click the “Sync Products from BigCommerce” button and ta-da, all the products, variations, and categories will be synced to your Drupal site in an instant.
    Alternatively, you can also synchronize via the following Drush command. Advanced Drupal users can use this command on cron to do automatic syncing.

    drush migrate:import --group bigcommerce
    Fig: Product Synchronization page


    Fig: Syncing from BigCommerce in progress

    NOTE: If you run into errors when syncing products, it is probably because you don’t have a store added in the Drupal Commerce module yet. Add one at Commerce > Configuration > Store > Stores.

    TIP: Any time you make changes to the products in BigCommerce, visit this page or use the Drush command to synchronize the changes. Before syncing, you’ll also see a message telling you that updates are available.

  3. Confirm the products have synced by visiting the Product page for Drupal Commerce at Commerce > Products. A list of all of the products brought in from BigCommerce will appear here.
Step 4: See the BigCommerce checkout in action
  1. Now that everything is set up, go to a product page, and it to your cart and proceed to checkout.

    If everything was done correctly, you will be able to see the BigCommerce checkout form embedded into your Drupal site! Hurray! All of the shipping methods, payment methods, tax calculations, and other BigCommerce store configurations will be seen in the embedded form here.

    If you don’t see the checkout form make sure that your channels settings are correct and that you have an SSL certificate installed.


    Fig: Drupal’s checkout page with embedded BigCommerce checkout form


    Fig: Drupal’s checkout page after order complete

  2. Once an order has been placed, the order information will be stored in Drupal (at Commerce > Orders) and will also be sent to BigCommerce (at Orders > View).


    Fig: BigCommerce backend View Orders page
Additional notes

The BigCommerce for Drupal module is ready for production and available for all to use. When writing this guide, there were some additional notes that I wanted to share.

  • At this time, product management should always be handled within BigCommerce and then synced to Drupal. Currently, there is no option to bring back a product if you delete it on the Drupal side, so be careful.
  • A development roadmap for the module can be found here. It outlines future features and plans.
  • If you use the module and find any bugs or want specific features, please add them to the module issue queue here.
Acro Media is a BigCommerce Agency Partner

Acro Media is the development team partnered with BigCommerce that made the BigCommerce for Drupal module a reality. We have many, many years of ecommerce consulting and development experience available to support your team too.

If you’re interested in exploring Drupal, BigCommerce or both for your online store, we’d love to talk.

Editor’s note: This article was originally published on December 2, 2019, and has been updated for freshness, accuracy and comprehensiveness.

robertroose.com: How to create the perfect RSS feed with Drupal 9

Main Drupal Feed - Thu, 09/23/2021 - 08:08

RSS is a great way to syndicate your content, but setting up a feed correctly displaying your articles can be tricky. In this blog post I will show you how to use Views to build the perfect feed in Drupal 9.

Redfin Solutions: Upgrading Drupal 7 to Drupal 9: What to expect

Main Drupal Feed - Wed, 09/22/2021 - 14:44
As a Drupal 7 user or website owner, it’s important to understand what’s next for your web presence as Drupal 7 and Drupal 8 reach their respective end-of-life. This guide will help you understand what to expect so that you can plan accordingly and get a sense for the resources you’ll need to allocate to upgrade Drupal 7 to 9.

Tag1 Consulting: On 20 Years of Drupal - an interview with Josh Koenig

Main Drupal Feed - Wed, 09/22/2021 - 14:38

Drupal has had many, many contributors over its 20 years of existence. These contributors vary from the person answering questions here and there in IRC/Slack and the issue queues, to people who run agencies and hosting companies aimed at keeping Drupal in the public eye. Drupal’s continued success relies on all types of people to keep the drop moving. In this Tag1 Team Talk, we continue to celebrate the 20th anniversary of Drupal. Tag1 Managing Director Michael Meyers is joined by Josh Koenig. Long time Drupal community members will know Josh as one of the founders of ChapterThree, and more recently as a co-founder and Chief Strategy Officer at Pantheon. In this talk, Josh and Michael go back into the history of Drupal, where Josh got started, and how ChapterThree and then Pantheon were formed to meet the needs of Drupal users. --- For a transcript of this video, see Transcript - Josh Koenig on 20 years of Drupal. Click here for a list of other interviews in this series. --- Photo by Gloria Cretu on Unsplash

Read more lynette@tag1co… Wed, 09/22/2021 - 07:38

Lullabot: How We Compare: Leaderboards and Related Comparison Metrics in the Drupal Community

Main Drupal Feed - Tue, 09/21/2021 - 20:31

Whoever said "comparison is the death of joy" was onto something. Comparing ourselves to others can create all kinds of problems, whether we think we are worse, better, or equal. Most of us probably know to avoid comparisons, and yet we can't seem to help ourselves. We do it in our personal lives and in professional settings.

Specbee: How to export data from Views using Drupal's Views Data Export module

Main Drupal Feed - Tue, 09/21/2021 - 11:33
How to export data from Views using Drupal's Views Data Export module Akshay Devadiga 21 Sep, 2021

Oftentimes, we may need to export huge amounts of data from views into files so that it can be used for analysis or administration by non-technical or technical users. Instead of creating a custom module for this, we can leverage the Views Data Export module which is available with a stable release for Drupal 7, 8 and 9 versions.

The Views data export module was designed to provide a way to export the large amount of data from views. It also provides a plugin for progressive batch operations which will improve your website’s performance.

When would you need the Views Data Export Module?

You would use the Views Data Export module for Drupal 8 and Drupal 9 if you want to:

  • Migrate content for different Drupal instances using migrate tools.
  • Perform a feeds migration - which basically does the migration with zero coding but using migrate tools we need to have a custom module with the migration scripts according to the business logic.
  • Generate reports using site data to analyse day-to-day interactions with the website.
Installing the module

It would be best to download the Views Data Export module using composer since the module has a dependency on the CSV Serialization module and other libraries. When you use composer for the installation, the dependencies will be automatically handled.

$ composer require drupal/views_data_export

Next, install the module as you would install any contributed module. Quickest way is to use the drush command line tool to install the module.

$ drush en -y views_data_export

This will install all the required dependent modules.

Let’s Set it Up

After enabling the module, in order to export the views we will first need to create the views and set up the export display with the necessary configurations. Check the detailed explanations for each step that you can follow:

1. Creation of the Views :

Create a master views display according to the requirements with the necessary fields and filters as needed. In our case, we have created the views for listing all the users in the site. Check image below for reference.

 

2. Creating the Export display :

After enabling the module we will get one more button to add the Data export display in the +Add attachment dropdown. Using this, add the display as data export it will create the new data export display by copying all the fields and filters from the master display.

  3. Data export display configurations :

Export display has various configurations that will help in creating the data export of the views in various formats. See the below image that displays all the configurations.

  4. Displaying the page with download button :

Once all the setup is done, save the view and visit the page. Now you will be able to see the download button in the footer region of the views which will download the data export with all the necessary filters if applied. 

Are there any Limitations to this module?

Yes. One of them is that the Drupal 9 version does not support Excel/Xlsx format. Also, batch operations are fully supported only with MySQL databases.

With Drupal 8 and 9’s list of growing modules, there always seems to be a module for that! 
The Views Data export module for Drupal is one such module which is a very handy tool when you want to migrate your views results into CSV, JSON or XML formats. Thus saving you time and effort in writing custom code. Want to discuss with our Drupal experts about a new project that we could help you out with? We’d love to hear from you!

Drupal Drupal 8 Drupal 9 Drupal Development Drupal Module Drupal Planet Drupal Tutorial Subscribe to our Newsletter Now Subscribe

Leave us a Comment

  Recent Blogs Image How to export data from Views using Drupal's Views Data Export module Image How Drupal Empowers Nonprofits in Achieving their Mission Image An Easy Step-by-Step Guide to Writing Your Own Custom Drush 9 (and 10) Commands Explore Our Drupal Services TAKE ME HERE Featured Success Stories

A Drupal powered multi-site, multi-lingual platform to enable a unified user experience at SEMI.

link

Discover how our technology enabled UX Magazine to cater to their massive audience and launch outreach programs.

link

Discover how a Drupal powered internal portal encouraged the sellers at Flipkart to obtain the latest insights with respect to a particular domain.

link

Web Wash: Bulk Update Content using View Bulk Operations in Drupal

Main Drupal Feed - Tue, 09/21/2021 - 06:45

View Bulk Operations, commonly referred to as VBO, is a module that allows specifically defined actions that can be simultaneously executed on rows of Views data.

This tutorial will show how to install this module and set up a simple View with a defined action and VBO field. We will then demonstrate how to use VBO to perform this action on selected View rows. We will also show how you can define permissions for roles to use our defined action.

Agiledrop.com Blog: 3 key considerations for successful agile transformation

Main Drupal Feed - Tue, 09/21/2021 - 06:20

In this article, we discuss 3 key considerations which can serve as great starting points/guides for an agile transformation.

READ MORE

Talking Drupal: Talking Drupal #312 - DrupalPod

Main Drupal Feed - Mon, 09/20/2021 - 16:51

Welcome to Talking Drupal. Today we are talking about DrupalPod with Ofer Shaal.

TalkingDrupal.com/312

Topics
  • Nic - Voting
  • Tara -
    • Did not found core mentoring :oops:
    • New job – Just started a few weeks ago so I’m still getting up to speed.
  • Ofer -
    • Editoria11y, Drupal module to help content editors with accessibility
    • WordTune - Free AI service, rewrite paragraphs.
  • John - SearchStax
  • Module of the Week - Redirect After Login
  • What is DrupalPod?
  • What was the inspiration for DrupalPod?
  • Who are the maintainers?
  • How does DrupalPod work?
  • Are you looking for help maintaining DrupalPod?
  • Who uses DrupalPod?
  • How much of DrupalPod is Open Source?
  • What are some of the features of DrupalPod we haven’t talked about yet?
  • What improvements are on the roadmap? Does it have a roadmap?
  • Where did the DrupalPod Logo come from, who created it?
  • How can people get involved with DrupalPod?
  • Changing gears a bit before we end, what is it like seeing Drupal rector utilized so extensively across contrib?
Resources

SearchStax Editoria11y WordTune DrupalPod Contributing to Core Gitpod SimplyTestMe GitPod Setup

Guests

Ofer Shaal - @shaal

Hosts

Nic Laflin - www.nLighteneddevelopment.com @nicxvan John Picozzi - www.epam.com @johnpicozzi Tara King - @sparklingrobots

Manifesto: 2021: The year of Acquia certification

Main Drupal Feed - Mon, 09/20/2021 - 16:34

It’s been calculated that the Drupal content management system is now at the heart of around 13% of the world’s top 10,000 websites, a number only set to increase as the user base expands by well over a million per quarter.  Manifesto have been building large scale Drupal sites for over 10 years and now,. Continue reading...

The post 2021: The year of Acquia certification appeared first on Manifesto.

Drupal Association Journey: Pedro Cambra: Drupal Association elections open for 2021

Main Drupal Feed - Mon, 09/20/2021 - 16:25

The self-nomination period for the Drupal Association Board has already started. There are two At-Large positions on the board that are filled by an election process that used to be open to the community and since last year requires a Drupal Association membership to vote. One seat will be elected for the 2021-2023 period in October.

As the Elections page from the Drupal Association states:

Simply put, the At-large Director position is specifically designed to ensure community representation on the Drupal Association board.

The self-nomination period is open up to September 27th and you need to fill this Google form to be considered as a candidate. Please make sure you check the eligibility, legal stuff and responsibilities before running for the seat.

All the information and dates are available in this article: https://www.drupal.org/association/board/elections/election-2021-dates-and-candidates

As a personal note, I want to bring up that I wanted to move a vote to revert the election process to its previous form that didn’t require a Drupal Association membership to vote, but life comes at you fast. I want to keep bringing it the matter on next board meetings, as it seems that creating a task-force to open the communication with the community and review the issue could be on the table.

#Drupal

OpenSense Labs: An extensive study on Create Once, Publish Everywhere (COPE) with Drupal

Main Drupal Feed - Mon, 09/20/2021 - 10:46
An extensive study on Create Once, Publish Everywhere (COPE) with Drupal Maitreayee Bora Mon, 09/20/2021 - 16:16

People of the modern era have witnessed the impact of the digital revolution that has successfully connected the whole world through the medium of technology. Sitting at the cozy corner of your home you can explore the new cuisines added in your favourite restaurant nearby. How about going trekking this weekend? You can get an idea about the best treks with the help of information available over the internet. So, have you ever wondered how the digital content is maintained and made accessible to the large audience across various channels with every new update or information? Well it is made possible with the help of “create once and publish everywhere” (COPE) where you can just create the content once and publish the same in every digital format over multiple platforms, also enhancing the digital outreach. In this article, I will take you through the details of this significant term, C.O.P.E. with Drupal. 

What is meant by create once, publish everywhere (COPE)?

Create once, publish everywhere (COPE) is a strategy that helps in content creation and distribution. With COPE, instead of creating content multiple times over multiple pages, you can manage a single piece of content in one place and publish it in many different platforms for either the first time or the hundredth. Due to this unique facility, more organizations are seen adopting the COPE model that helps in managing their increasing demands over content creation and distribution. Let us look into an example for better understanding. Assume that you own a fashion house and it has a very exciting website. Now, it so happens that you plan to change your business hours which are present in every page of your website. If your website has got 25 pages, does that mean you will have to make changes in all the pages? Not really. Because with COPE you can form a panel or a block which holds your business hours and can instruct your content management system (CMS) that you want that particular block to appear in each page of your website. So, now when you change your business hours, you will only have to change that particular block, and it will get updated over all the pages of your website with just one click. 

COPE was first pioneered by National Public Radio (NPR) to make multimedia content sharing and publishing easy across various devices, email marketing, social media and many more. In regard to the significance of COPE, NPR states that with the growing need of digital content, the opportunities for content providers have increased massively. Therefore, to blow away the audience with amazing pieces of content, the content providers also require distribution platforms and APIs. But along with those, they essentially need to follow the philosophy of COPE which ensures content portability and modularity. Below is a diagram representing NPR’s content management pipeline and how it adopts the COPE principles. The diagram depicts the main principle that is to have content producers and ingestion scripts channel content into just one system or series of nearly tied systems. Also, it illustrates that regardless of content destinations, or its type, the distribution of all content can be done uniformly.  

Source: NPR


With the growing technology, the interaction between the customer and the brands are constantly changing. The users are no longer accustomed to the traditional way of using websites or applications. They are seen connecting to your brands via IoT devices, conversational UIs and wearables. With their exclusive requirements, the customers actively engage with the organization’s content and data over various platforms. Due to the increase in the different channels through which the content is shared, the marketing team felt the need of treating content more like data. The marketers started to conceptualize content in the form of html pages, however the page architecture cannot be applied to all of the content available today. So, here comes the need of adaptation towards the models of structured content. Treating the content like data helps the marketers to practice the approach of COPE across various channels, and  executing structured content enables in extending an organization’s reach at the same time. 

To get a better learning experience about “create once, and publish everywhere” (C.O.P.E) you can go through these informative sessions below.

 


Where can you find COPE?

Now, here comes the question, where do you find COPE? Basically, you’re running into such type of content over various websites you engage in. For example, Healthcare websites that are related to clinic locations, doctors. Retail websites where you can view products of your choice. News websites that are related to news or information. Entertainment websites where you can watch your favorite shows, movies and many more. Finally, to end with, recipe websites related to recipes and blog posts. 

Why shall you COPE?


By far in brief you got an idea what exactly is COPE. Now, it's very essential to know the reasons for implementing it. Since, it is a big initiative that requires time, technical resources and cooperation from various groups at your organization.

Provides scalability

As we know that publishing content is just not limited to the web. With growing times, the number of systems and devices which consume content is increasing. Companies are seen publishing everywhere their content through digital signage, mobile apps, televisions and wearable technology as well. There is a need to make your content ideally scalable as you will have no time to manage your content in a different place for every output. So, having the capacity to create and update content in one single place is the best way to ensure scalability for a long term, and which is undoubtedly provided by COPE.

Provides growth with less resources

One of the important benefits COPE provides is that even with less resources you get the opportunity to grow and develop. A lot of money and time can be saved by not having the burden of creating different content for different platforms. Some of the companies who allow members from non-marketing departments to create content find it difficult to get those professionals to deliver and update content as per requirements. By executing COPE, some of these problems can be resolved as the duplication of content can be eliminated for different platforms.

Provides wider audience reach

COPE allows your organization to circulate content to a growing number of channels. For example, you might post a piece of content to your newsroom and associate it with some particular keywords or categories. Then the content’s summary will automatically be shown up on the newsroom’s homepage, on the main website homepage, and also in category-specific RSS feeds. Additionally, a link to your content and a summary will be shared on social-media automatically, also the users of your mobile app will receive a notification of the accessibility of the new content that can be read by them on their Android phones, iPhones, iPads and tablets. So, with COPE you have the facility of publishing your content over different mediums, also enhancing your audience reach at the same time. 

Provides accessibility

With COPE you can make your content accessible to a wide range of platforms through various formats that allows the people with disabilities to consume content without facing any difficulty. Accessibility can be provided in various forms. This approach is just not providing content accessibility to vision impaired users but also to users who are reading impaired, hearing impaired, neurologically impaired and the ones who are technologically challenged i.e. having slow or no internet access at all. Therefore, all these issues can be solved with the help of this approach.

Provides easier redesign

The web design trends keep on changing frequently, so the organizations need to go through a comprehensive redesign of their sites within a few years or constantly get involved in making iterative changes to their websites. In cases like this, if you do not have the basic principle of COPE i.e. the separation of content completely from the presentation layer, then you will have to create the new design and then copy the existing content into the new templates manually which is so troublesome. But with COPE, by separating content from the design, you don’t have to be concerned about the migration process, since you have the option of applying a different presentation to your content.

Enhances content freshness and accuracy

Managing your content in multiple places can not just be dull and time consuming but it can degrade the quality of your content negatively. If you have to log into various systems to create the same content in just different formats, you might lack enthusiasm in creating fresh content which could bring a negative impact over your Search Engine Results Page Ranking (SERP). Additionally, handling different types of content in numerous places further makes it difficult to provide exact accuracy over all channels. So, all these risks can be handled well by the COPE approach. And the users will be enabled to enter content into structured fields that helps them to personalize specific sections for particular destinations and outputs. The content creation also can be increased by pulling in links to related content that is recently published. 

What does it take to execute COPE?

This section will give you an understanding of what exactly it takes to implement COPE. So, let’s find out.


Separate content and design

The complete separation of content from the presentation layer is one of the primary prerequisites of COPE as you will have to produce your content in any presentation. One important thing to emphasize upon is the need for the appropriate CMS as it works as content capturing tools that are very particular about where or how the content should be viewed, be it a mobile app, web page, TV etc to completely separate the content from the display. You will have to be careful from the content management systems that can distract your content contributors from prioritizing upon publishing quality and fresh content. 

Better structured content entry

Karen McGrane, a content strategist and website accessibility advocate explains the need for more structured content entry. She uses the terminology “dumb blobs versus smart chunks” in her talks around the world. So, dumb blobs are large pieces of content which are managed in one WYSIWYG editor that is similar to a Word document. With this there is a problem, it basically comprises your capacity to share content of different versions like condensed versions for a different website or a synopsis on a homepage. When it comes to executing COPE, content modularity is the key. It is the same as object-oriented programming that enables you to write your code in small, hugely reusable chunks. COPE essentially makes you understand that you need to be away from the dumb blobs and rather make your content entry forms even more smarter. You need to go beyond a monolithic WYSIWYG area by replacing it with much more structured data like content blocks, text fields and textareas, file choosers, pertinent metadata fields such as category, tags and keywords, summary and start and end date.

Cross-platform facility

Both proprietary and open source content management systems are seen struggling with cross-site sharing of content. You need to evaluate whether your CMS is capable enough to share content across sites and pages, and also inspect how it enables content sharing by non-technical users. In case, if you want to move to another system, then it is very important to carefully inspect and examine, also test how the ones which you are assessing supports the content sharing over websites and pages. While evaluating your present CMS, it is imperative to carefully analyze how to produce a single piece of content in as many different formats as you require without duplicating any content. You will have to figure out whether your CMS allows you to manage as many different websites as you require and also publish your content to limitless destinations. 

What are the challenges you face while coping?

Every coin has two sides, so with benefits also comes challenges. Here we will dive into the challenges you might face while coping.


Paradigm shift

For some of the organizations, executing COPE requires an extreme paradigm shift. Some of the contributors might be very protective about their content and hesitant to have it published beyond their control, while others might have a concern that the content which is irrelevant to their page may accidentally be pulled in. Additionally, COPE necessitates you to think differently about the content. For instance, rather than creating “big blobs” which do not allow you to share smaller chunks of content to various platforms, COPE suggests you break your content entry forms into various structured blocks and fields. And in result, it will be time consuming for your “WYSIWYG blob” lobby to get a proper understanding about how your organization and audience will be benefited by the shift.

Requires investment

Depending on your current infrastructure, you might need to make some investments. Let’s say, for example, all the content management systems do not support COPE, and executing a more new, more appropriate CMS also integrating it with other systems can be time consuming and require resources. Training all your content contributors also requires time, and considering that if you don’t go for a CMS switch, you will need to re-work your content entry forms to further allow users to enter content in a much more structured way to attain portability. Ultimately, you will have to ensure that you tend to separate the content from the presentation layer, also providing the contributors the facility to enter content in small chunks instead of big blobs via WYSIWYG editor. One more important aspect is the need to explain to the stakeholders about the requirements and benefits of COPE. With the help of examples of companies like NPR who have successfully executed COPE, you can convince your stakeholders to consider adopting the most essential COPE approach.

Too much COPE is troublesome

A very important thing to remember is that COPE doesn’t signify you to randomly push all content to all platforms. Excessive use of this approach will bring the risk of losing your audience as they will be provided with content that might not be relevant to them. Therefore, it is advisable to be very strategic and recognize which content is suitable to which platforms or channels. Content marketing tools and analytics can be used to understand in detail about the different elements of your target audience, also measure your content effectiveness and strategize your plan accordingly.

What is the right way to COPE?

We have now understood the significance of COPE with the above explanations but along with that we should also be knowing the right approach of COPE. So, this section will exactly guide you with it.


Understanding your users

Adopting a user-centred design approach will help you in preparing your content according to the mindsets and behavioural patterns of the users. By using proper research and testing of the users preferences, you can provide your audience a seamless multi-channel experience of useful and relevant content.

Reviewing your tech stack

There is a necessity for a strong technology infrastructure, and the right content strategy that enables in delivering at the right time, the right content to the right person in the right format. To provide such a seamless delivery there is a need for a very sophisticated content management system that can easily identify which device your website or applications are being viewed on and also adapt what’s displayed suitably. 

Refreshing your internal and external resources

One of the important aspects that mostly gets unnoticed is the internal culture and processes. If your teams are busy working in silos then you won’t be able to get a clear and complete picture of the content creation that would further lead to dissatisfied and disaffected customer experience. 

Getting in touch with your stakeholders

Stakeholders are a very important part of the project's success. You cannot afford to miss the opportunity to contact them at the early stage when you decide to adopt the COPE approach into your business. There is a need for transparency between you and the stakeholders where you can explain to them the significance of this approach and how hugely the business can be benefited by adopting COPE.

Establishing high-level goals

At the beginning it is important to recognize your analytics and know where you exactly want to head towards. Without making them your sole focus, you need to have a SMART that stands for ‘specific, measurable, achievable, relevant, and timely’ goal for your business.

Documenting your future plan

By hitting the ‘Publish’ button on your website, you do not finish your responsibility towards COPE. Since your work towards the web can never be finished. You will have to boost up your team by having frequent discussions where they can document all their plans, marketing strategies to meet the team goals and objectives. Things like identifying how and when the content shall be governed across the website needs to be looked after closely for better outcomes.

COPE with Drupal

It is well known to us that the digital networks consist of a variety of applications, and therefore all your organization’s can depend upon Drupal as the platform for content creation. So, by adopting an API-first architecture, Drupal can empower all your digital systems. Organizations are seen selecting a decoupled Drupal approach for various benefits. Headless Drupal or Decoupled Drupal uncouples the back-end which is accountable for presenting content, enabling Drupal to display content to other front-end systems, also allowing digital tools to utilize the tools of their convenience while sharing content over various channels. 

To execute a decoupled or headless Drupal architecture, organizations require a platform that enables developers to work with both traditional Drupal sites and decoupled Drupal projects as well.

Here, we will now look into how decoupled Drupal works. The developers with decoupled Drupal architecture gets the option of working with Drupal in the following modes.

  • With a completely decoupled Drupal approach, Drupal’s back-end serves as a decoupled CMS, managing and storing data, also availing it to the front-end systems of the developer’s preferences to deliver the content and communicate with Drupal via web service APIs.
  • Developers can choose a hybrid (progressively decoupled) Drupal approach, where a layer of JavaScript gets added to a webpage to provide a single block or component, or to build a communicative end-user experience.

More about the different options of decoupling Drupal here.

Drupal can be an excellent CMS for editors who need to have control over their content presentation and also be a rich headless CMS for developers building huge content ecosystems in one single package. With the help of the below diagram, you will get a clear understanding about the difference between a traditional Drupal site and a headless CMS.


The headless CMS steps back in the areas like in-context administration and in-place editing of content while Drupal focuses on allowing an editor to manage content and page structure in an interface beside a live preview instead of an interface that is entirely separate from the front-end user experience. Headless CMSes are unable to provide a full-fledged editorial experience which is integrated into the front ends to the ones they serve content. In order to make the marketers successful there is a need for a proper display and layout manipulation. But headless CMSes do not hold a strong opinion about display and layout settings and therefore fail to provide the required assistance to the marketers. Whereas one of the key features of Drupal is the capability to control where content appears in a layout structure. One more facility that editors and marketers want is the access to an easy preview system for the unpublished content. But in the headless CMS paradigm, developers will have to come into the picture to deliver a seamless preview by setting up a new API endpoint and deploying a distinct version of their application which issues requests against new ways. Therefore, headless CMS lacks in providing a seamless preview to the marketers and editors as there is an interference of the developers without whose assistance they cannot preview the content on their own. 

So, from the above discussion it is clear that the features provided by Drupal are simply unique in comparison to other headless CMSes. Therefore, Drupal is certainly the first choice for an editor and a developer who enthusiastically look forward to working hand-in-hand with the latest technology and trends.

Learn more about decoupled Drupal here:

Conclusion

If you want to sustain your content management for a long-term, then all you need to do is adopt the COPE framework. This approach will need you to change your perspective towards managing your content to make it available to a wide range of audiences through multiple platforms and channels. And implementing COPE with Drupal will be the best way to ensure your organization the route to success.

blog banner blog image Drupal Traditional Drupal Decoupled Drupal Headless CMS Decoupled CMS Blog Type Articles Is it a good read ? Off

Pages