Drupal Planet

myDropWizard.com: Drupal 6 core security update for SA-CORE-2018-006 (and mimemail and htmlmail)

3 weeks 1 day ago

As you may know, Drupal 6 has reached End-of-Life (EOL) which means the Drupal Security Team is no longer doing Security Advisories or working on security patches for Drupal 6 core or contrib modules - but the Drupal 6 LTS vendors are and we're one of them!

Today, there is a Critical security release for Drupal core to fix multiple vulnerabilities. You can learn more in the security advisory:

Drupal core - Critical - Multiple Vulnerabilities - SA-CORE-2018-006

The following vulnerabilities mentioned in the security advisory also affect Drupal 6:

  • External URL injection through URL aliases - Moderately Critical - Open Redirect

  • Injection in DefaultMailSystem::mail() - Critical - Remote Code Execution

The first vulnerability is in Drupal 6 core, however, the 2nd is only present in the contrib modules: htmlmail, and mimemail. If you don't use those modules, you're not affected by the 2nd vulnerability.

If you have a Drupal 6 site, we recommend you update immediately! We have already deployed the patch for all of our Drupal 6 Long-Term Support clients. :-)

If you'd like all your Drupal 6 modules to receive security updates and have the fixes deployed the same day they're released, please check out our D6LTS plans.

Note: if you use the myDropWizard module (totally free!), you'll be alerted to these and any future security updates, and will be able to use drush to install them (even though they won't necessarily have a release on Drupal.org).

Jacob Rockowitz: Acknowledging individuals contributing to Drupal

3 weeks 1 day ago

In my last blog post, I explained, "Why I am one of the top contributors to Drupal?" and examined my ongoing contribution to the Webform module for Drupal 8. My post was inspired by Dries Buytaert's annual who sponsors Drupal development post. Now I want to dig into that list of who’s and acknowledge other individuals contributing to Drupal.

I am deliberately limiting the discussed contributors to people that I have had minimal or no direct interaction with online or in-person. I want to explore their contributions based on their online presence versus directly interviewing them.

The Drunken Monkey

I genuinely value Drunken Monkey's contribution to Drupal's Search API module.

We rarely appreciate an API module until we have to start using them and diving into the code. The Search API module for Drupal 8 is a magnificent example of great code which conquers one of the hardest challenges in programming: naming things.

For a recent project, I was diving into Search API's code, and Drunkey Monkey helped me out when I discovered Issue #2907518: Breakup tracking of content entities into smaller chunks to prevent memory limit issue. For the developers out there, if you read through the issue to the final patch, you will notice that Drunken Monkey manages to even improve some APIs while fixing the problem.

The Search API Guy

The first place to understand who is who in the Drupal community is people's user profiles. The most immediate thing that stands out about Drunkey Monkey is that he is…

This statement is something I can relate to because I...Read More

Security advisories: Drupal Core - Multiple Vulnerabilities - SA-CORE-2018-006

3 weeks 1 day ago
  • Advisory ID: DRUPAL-SA-CONTRIB-2018-006
  • Project: Drupal core
  • Version: 7.x, 8.x
  • Date: 2018-October-17
Description

Content moderation - Moderately critical - Access bypass - Drupal 8

In some conditions, content moderation fails to check a users access to use certain transitions, leading to an access bypass.

In order to fix this issue, the following changes have been made to content moderation which may have implications for backwards compatibility:

ModerationStateConstraintValidator
Two additional services have been injected into this service. Anyone subclassing this service must ensure these additional dependencies are passed to the constructor, if the constructor has been overridden.
StateTransitionValidationInterface
An additional method has been added to this interface. Implementations of this interface which do not extend the StateTransitionValidation should implement this method.

Implementations which do extend from the StateTransitionValidation should ensure any behavioural changes they have made are also reflected in this new method.

User permissions
Previously users who didn't have access to use any content moderation transitions were granted implicit access to update content provided the state of the content did not change. Now access to an associated transition will be validated for all users in scenarios where the state of content does not change between revisions.

Reported by

Fixed by

External URL injection through URL aliases - Moderately Critical - Open Redirect - Drupal 7 and Drupal 8

The path module allows users with the 'administer paths' to create pretty URLs for content.

In certain circumstances the user can enter a particular path that triggers an open redirect to a malicious url.

The issue is mitigated by the fact that the user needs the administer paths permission to exploit.

Reported by

Fixed by

Anonymous Open Redirect - Moderately Critical - Open Redirect - Drupal 8

Drupal core and contributed modules frequently use a "destination" query string parameter in URLs to redirect users to a new destination after completing an action on the current page. Under certain circumstances, malicious users can use this parameter to construct a URL that will trick users into being redirected to a 3rd party website, thereby exposing the users to potential social engineering attacks.

This vulnerability has been publicly documented.

RedirectResponseSubscriber event handler removal

As part of the fix, \Drupal\Core\EventSubscriber\RedirectResponseSubscriber::sanitizeDestination has been removed, although this is a public function, it is not considered an API as per our API policy for event subscribers.
If you have extended that class or are calling that method, you should review your implementation in line with the changes in the patch. The existing function has been removed to prevent a false sense of security.

Reported by

Fixed by

Injection in DefaultMailSystem::mail() - Critical - Remote Code Execution - Drupal 7 and Drupal 8

When sending email some variables were not being sanitized for shell arguments, which could lead to remote code execution.

Reported by

Fixed by

Contextual Links validation - Critical - Remote Code Execution - Drupal 8

The Contextual Links module doesn't sufficiently validate the requested contextual links.
This vulnerability is mitigated by the fact that an attacker must have a role with the permission "access contextual links".

Reported by

Fixed by

Solution

Upgrade to the most recent version of Drupal 7 or 8 core.

Minor versions of Drupal 8 prior to 8.5.x are not supported and do not receive security coverage, so sites running older versions should update to the above 8.5.x release immediately. 8.5.x will receive security coverage until May 2019.

TEN7 Blog's Drupal Posts: Episode 041: Steve Persch

3 weeks 2 days ago
It is our pleasure to welcome to the TEN7 podcast Steve Persch, lead developer advocate at Pantheon. Here's what we're discussing in this podcast: Steve's background; Celebrating a Drupal birthday; Theater background and blogging; WordPress experience; Improv comedy and Comedy Sports gaining self confidence; Experience at Palantir in Chicago; Contributing to Workbench; Discovering Git; Teaching WordPress' Guttenberg editor; What the WordPress & Drupal communities can learn from each other; The 2018 Twin Cities Open Source CMS Unconference; WordPress, Drupal & Joomla; Supporting Backdrop; Alexander Hamilton; Steve Vector (alias)

Hook 42: September Accessibility (A11Y) Talks - Love thy Keyboard

3 weeks 2 days ago

Keyboard accessibility is vital, as many assistive devices emulate the keyboard. Using semantic HTML one can achieve an accessible User Interface (UI) with less code than non-semantic markup.

By managing and guiding focus with semantic HTML, developing an accessible UI is rather easy. Semantic HTML plays an important role in not only accessibility but SEO (Search Engine Optimization) as well. Although we are aware of it, it's often overlooked.

In September’s accessibility talk, Sarbbottam Bandyopadhyay shared the trade-offs of using semantic vs non-semantic markup with an everyday example. He also shared how to manage and guide focus. It was a brief presentation emphasizing the various aspects of keyboard accessibility. He concluded with a brief introduction to WAI-ARIA.

Sarbbottam is a frontend engineer, with more than 14 years experience. He currently works at LinkedIn. He is part of LinkedIn's core accessibility team, focusing primarily on web accessibility. He’s been involved with web accessibility since his Yahoo days.

Drupal Modules: The One Percent: Drupal Modules: The One Percent — User Password Reset Link Timeout (video tutorial)

3 weeks 3 days ago
Drupal Modules: The One Percent — User Password Reset Link Timeout (video tutorial) NonProfit Tue, 10/16/2018 - 09:29 Episode 48

Here is where we bring awareness to Drupal modules running on less than 1% of reporting sites. Today we'll consider User Password Reset Link Timeout, a module which permits you to set the duration of password reset links.

Matt Glaman: Running Drupal's FunctionalJavascript tests on DDEV

3 weeks 3 days ago
Running Drupal's FunctionalJavascript tests on DDEV Tuesday 16, October 2018 mglaman

This is part two of a series on running Drupal’s testing suites on DDEV. We left off last time with trying to execute a FunctionalJavscript test and having every test case skipped because no browser emulator was available. In this post, we will run through getting set up to execute Drupal’s FunctionalJavascript tests inside of your DDEV web container.

Ashday's Digital Ecosystem and Development Tips: Five Quick and Easy Tips to Get the Most out of Drupal

2 months 1 week ago

Drupal, especially once you consider the many contributed modules available for it, is a vast system of open source software, and as with most such software, there are a lot of little things you can do to make sure you get the most out of what it has to offer. In this post, I'm going to go over a few such things and touch on how to make Drupal's admin interface more useful while also finding ways to improve site performance and stability.

OpenSense Labs: Decoding Drupal’s Supremacy in Enhancing the User Experience

2 months 1 week ago
Decoding Drupal’s Supremacy in Enhancing the User Experience Shankar Wed, 08/29/2018 - 17:52

You might have to scratch your head to reminisce about the worst things transpired in your life as you try to keep them at bay. Few corking good moments spent with your best friend will be indelible for the rest of your life. A good experience stays with you for a long time. It is much the same way with the websites. A great user experience with the website not only makes it alluring to the online visitors but establishes the camaraderie between them. Drupal can be a wonderful platform for you to provide an amazing digital user experience.


Let’s dive into an example case straight away to see how a website can influence user experience. Skeleton screen is a blank version of a page where information is incrementally loaded. To keep your online visitors engrossed during slower load times, skeleton screen animation can be really useful.

Source: TandemsevenUnderstanding the user experience A good experience stays with you for a long time

How to explain user experience design to a layman? User experience stresses on establishing a deep understanding of users, their needs, what they value, and their limitations.

We often stumble upon the usage of words UI and UX almost happening interchangeably but other than the ‘I’ and the ‘X’ at the end, there is a major difference.

In short, UI is how things look whereas UX is how things work. Also, UX is a process and UI is a deliverable. Difference between the UX design and UI design can be summarised as depicted in the illustration below:


User Experience Honeycomb represents the qualities that should be at the heart of your UX design ensuring that users find value in what you are offering to them.

The qualities or facets of the user experience shown in the hexagonal depiction given here can be explained as follows:

Source: Semantic Studios
  • The website should be able to deliver value to the users. For instance, the UX should advance the mission for non-profits and contribute to the bottomline and alleviate user satisfaction.
  • We must ask ourselves whether our products and services are useful.
  • Usability is of paramount importance even though the interface-centered methods and perspectives of interaction between human and computer do not address every aspect of website design.
  • Our brand identity should get more desirable in our pursuit towards building a robust online presence
  • We should emphasise on building a navigable website with findable objects to help users find what they need.
  • Making our website more accessible to differently-abled people which is the ethical thing to do.
  • There must be credibility in what we offer to users and they should be able to trust and believe in our offerings.
Important tips to improve user experience

To create a good User Experience, a well-planned methodology is required. You would have to think of every possible way a user can interact with your website so that you can strive to improve that interaction.

To create a good User Experience, a well-planned methodology is required. 

With the rapidly changing digital marketing landscape, your website might seem to be in need of redesign and look outmoded. Some of the simplistic ways to improve your website in order to keep up with pace of changing UX needs are laid down below:

  • Using white space makes your content more legible and helps the online visitors to focus on the elements surrounding the text. White space around the text and the titles enhances user attention by 20 percent.
  • Page speed hugely influences UX. Sluggish page load can prove to be an interrupting experience for the users and frustrate them to the core. Most often than not, users just do not have time to wait. Even if the page loading time has a 2-second delay, the website abandonment rate can reach up to 87 percent.
  • Using attractive calls-to-action (CTA) that are marked with an action word enables the easy navigation on your site and the users can easily  get to where they want. More than 90% of the users, who read your headline, would also check out CTA.
  • Using hyperlinks on your page is extremely helpful to grab the attention of the reader. Visual cues like underlined text and different coloured text makes it easy to identify.
  • Using bullets helps the users to get all the information they want quickly and precisely. They will be able to quickly understand benefits, how you solve their problem, and the key features of a product or service.
  • Wise usage of images on your website to support the content can allow a visual break for the users from the text. You need to make sure that they are relevant. Like using an actual image conveying your brand and its services instead of a stock photography can create a connection between the user and the brand.
  • Including well-designed and written headings based on what your potential customers are seeking can be useful. For instance, including keywords in your title can help in targeting your message and getting the attention of right audience.
  • Maintaining website consistency is tantamount to a great UX. Heading sizes, colouring, button styles, design elements, font choices, illustration styles, photo choices etc. should be should themed in a way that your website design is coherent between pages and on the same page.
  • Optimising your site to handle error 404 (page not found) can prove fruitful. Error 404 can frustrate a user and make him rethink spending time browsing your site.
  • Making your site fully responsive should be of top priority. Mobile responsive and mobile-friendly site makes it easy to navigate and works well across platforms from desktops to handheld devices. 57% of users won’t recommend a business which does not have a mobile responsive website.

Take away 50+ User Experience Tips and make sure the user has the best experience on your website

How is Drupal 8 great for an amazing user experience?

Drupal 8 has been a leading CMS when it comes to a powerful and an astounding user experience. Let us look at what makes Drupal 8 so spectacular for designing a compelling user experience for your website.

Responsive web design

Responsive websites are a must-haves nowadays to work well on any screen size. Drupal 8 helps in building websites with responsive web design approach out-of-the-box with some help of contributed modules. Also, there are several Drupal themes that help in creating a responsive design.

Web personalisation

Personalising the content on your website helps in making users to view the content in which they are interested. Web personalisation can be done on the basis of demographics of the user, login time and date of the user, gender, device details of the user etc.

Acquia Lift Connector, Drupal module, offers integration with the Acquia Lift service with an improved user experience for personalisation, testing and targeting the frontend of website directly.

Performance optimisation

A fast-loading speedy website significantly contributes towards the betterment of user experience, usability and engagement. Drupal 8 is one of the most efficient CMS for enabling enhanced page speed.

Caching is an important feature that you can configure for enhancing your website speed. Drupal modules like Internal page cache, Dynamic page cache, BigPipe, Redis, Varnish, and Memcache API and Integration offers different sorts of caching methods to meet the requirements of your website.

Page speed can also be accentuated by disabling unwanted modules or those which are seldom used. Drupal 8 also helps in optimising images for better performance.

Multilingual capabilities

Drupal 8 core comes engrained with multilingual capabilities. It lets you translate content, site interfaces, language, and configuration out-of-the-box. For instance, you can translate the content of your website into a particular language on the basis of user’s geographical location.

Social media

Connecting with friends in one of the biggest pluses of social media elements. Social media can also be a powerful marketing tool. Incorporating social media elements into your website allows users to share the experience, that they had with your website, to the world.

Drupal offers a suite of modules to help you. Easy social, a Drupal module, lets you add share buttons to your nodes.

Another Drupal module, OneAll Social Login, allows you to register and login to the Drupal website using existing accounts on social networks.

A/B testing

A/B results help in determining how well is your website performing and how can you improve it further. Drupal 8 offers modules to carry out A/B testing.

For instance, A/B Test JS module lets you perform A/B and multivariate testing via JavaScript and exposes a UI for creating tests.

Webform A/B Testing module helps in setting up A/B tests consisting of various webforms for determining the most effective one. It tracks how many times a webform has been shown to users and also how many users have responded by completing the form.

How is Drupal Community striving hard to improve the admin UX?

With a highly active bunch of Drupal enthusiasts in the Drupal Community, the objective of making Drupal more and more better for everyone is an everlasting thing. While Drupal is great for improving user experience for online visitors, site administrators are not to be left out. The Admin UX User Study group in the Drupal Community has come up with great insights in a research done on further improving admin UX.

Being new to Drupal may prove to be an arduous task for the content editors to get along with the administrative interface that the platform has to offer. The Admin UX User Study strives to make betterments to the Drupal admin UI with the objective of making it an amazing platform for site administrators.

Findings of Admin UX study

Key focus of the research was on content editors who are responsible for putting great content on the site. Survey was conducted to understand what content editors love about Drupal and where do they find it challenging.

Most of the respondents in the survey said that Drupal is flexible, customisable and lets them have control over their content.
When asked about the challenges, the survey gave some interesting insights. Many content editors opined that a lot of intricacies are due to the UI provided by the paragraphs  and panels.

More hurdles were centred around searching for documentation, content editing UI, understanding jargon and technical terminologies, and media management. There was also a mention of complexities with content editing interface while adding content translation to the mix.

Efforts to improve Admin UX

With a highly active bunch of Drupal enthusiasts in the Drupal Community, the objective of making Drupal more and more better for everyone is an everlasting thing.

Interestingly, among the things that Drupal Community is trying to achieve, the responses made by the content editors were already being worked upon. For instance, Drupal Gutenberg project aims to revolutionise publishing experience through a modern UI which is based on Wordpress’s Gutenberg project.

Also, configuration changes like minimising the user permissions for editors, offering access to an admin menu with limited set of options, and customisation of some of the default widget settings are being worked upon. That is, configuring a role for content authors out-of-the-box and altering some of the Drupal’s default configurations can offer a wonderful content editing experience.

Success story

Federal Emergency Management Agency (FEMA), which helps people to cope with natural and man-made disasters, chose Drupal for delivering a powerful user experience. The new digital platform was designed for dependability during critical times.


Federal Emergency Management Agency (FEMA) provides up-to-the-minute details on several important facts during emergencies. The old version of FEMA.gov was not a dependable site with outmoded navigation features and slow page load speed that made it difficult to be accessed during critical events when traffic spikes.

Knowing the significance of delivering a reliable digital experience for users, FEMA wanted a user-friendly and highly resilient site with the provision of more meaningful communication. It also had to cope with traffic spikes and also be scalable at the same time.


Project challenges

Primary concern for the design team was creation of a friendly and functional design and user interface. By holding a series of user focus groups, they got the much needed feedback which indicated that the existing site was too convoluted, it was difficult to find information, and some of the content were outmoded. The site also did not support smartphones and tablets.

The existing system did not support swift and efficacious communication. Most often than not, the site experienced overloads and very slow page load times especially during emergencies when it is most needed. It was not resilient and was not able to consistently deliver a high performing experience. In addition to these issues , there was difficulties with content editing.

Project outcome

To address these challenges, FEMA chose Drupal as the their preferred content management system. To handle the large-scale rebuilding of the site where thousands of pages had to be reviewed, updated and migrated to the new site, development and testing was done in iterative process. This helped in easily scaling the project and making adjustments and reorientations.

The website of FEMA.gov turned mobile friendly and could be accessed from devices ranging from desktop to mobile devices. It also paid special attention to accessibility for those users requiring assistive technologies. The new site architecture minimised the number of clicks that was needed for accessing information thereby making navigation and retrieval faster and simpler. Technical design solutions were implemented that were in accordance with Section 508 compliance standards.

After the launch of the new site, not only it proved cost-effective but provided value to the users. It offered better access to critical disaster-assistance details, higher interactivity and accessibility, cross-platform compatibility and the ability to rapidly and dependably disseminate key content in multiple languages.

Being open source, Drupal-based architecture assisted with the improvement of performance and enabled FEMA to provide the public with swift access to data that could be modified in real-time, if needed. With the mobile-optimised version of FEMA.gov, that has enabled enormous amount of information on-the-go, user experience and the over user satisfaction has improved as well.

Conclusion

Offering the best digital user experience is the goal of every digitised firm. With right means of implementation and Drupal’s amazing features, building a site with a great UX should be cutting through a piece of cake. 

Talk to our Drupal experts for developing a Drupal-powered website with best website design implementation for your business. To improve your website’s user experience, contact us at hello@opensenselabs.com
 

blog banner blog image User Experience Digital user experience Website Experience Digital experience UX UI User Interface Admin UX Admin user experience Responsive web design web personalisation Multilingual Site social media Performance Optimisation A/B testing Drupal 8 Drupal module Drupal Blog Type Articles Is it a good read ? On

OpenSense Labs: Story of API-first Drupal and Digital Transformation

2 months 1 week ago
Story of API-first Drupal and Digital Transformation Shankar Tue, 08/28/2018 - 18:25

Content touchpoints are proliferating at a fast clip as consumers keep on marching towards vibrant and distinctive means of interacting with content. Internet of Things (IoT), conversational UI, digital signage and devices that are powered by machine learning algorithms among others are adapting to our characteristics to disseminate content accordingly. To cope up with such mushrooming milieu of consumer experience, API-First Drupal is well positioned for entire digital ecosystems.

Drupal can do almost anything to be the powerhouse of your digital business. But to leverage the benefits of technologies outside of the Drupal context, API-first approach could be a perfect choice.

Understanding API-first approach

So, what is meant by API-first? It refers to the interaction between a central web service and several other applications to enable the two systems to exchange information over a network. Not only is this exchange limited to websites but extends to mobile apps, Internet of Things devices, and wearables. Using API-first Drupal basically refers to the decoupling of the front end and utilising a different technology for the presentation and the theming layer.

API-first approach is the interaction between a central web service and several other applications to enable the two systems to exchange information over a network. In short, API-first Drupal allows:
  • Integrations that are not defined in Drupal/PHP code
  • Full decoupling
  • Progressive decoupling where Drupal serves overall page and certain parts of the page offer JS-driven interactions

The key advantages that Drupal has are that it is a free and open source from end to end unlike other API-first content-as-a-service options like Contentful. Thus, all layers constituting accessing and retrieving data, exposing and consuming that data through software development kits (SDKs) are free.

How does API-first approach work in Drupal?

So, how can someone go about getting data out of Drupal without using the theming layer? Such an arrangement is not new. Even though Drupal has worked as a services layer in several applications for years, evolving internet trends have put in a lot of emphasis on names such as headless, decoupled, and API-first. Developers have seen more use cases for Drupal as a web service for the mobile applications and JavaScript frameworks skyrocketed.


Drupal as a backend is very tightly coupled to its presentation layer which means that taking that out of equation would mean a heavy loss. Everything including forms, control over layout, feature of previewing a content, and other great features of Drupal would be lost. Other challenges include introducing an extra point of failure, sacrificing the improved performance optimisation capabilities of Drupal 8, and loss of in-place and in-context editing. So, most importantly, organisations must know the benefits that outclass the losses by adopting decoupled Drupal approach.

Web services, as a developing technology, offer so many flavours but the one that stands out as the winner is the RESTful API. Representational State Transfer (REST) allows communication between devices like computers, phones, banking systems, televisions and IoT devices connected to a network by using the standard HTTP protocol. It is the leading API approach of choice for Web services because of its widespread acceptance across the web. Furthermore, Drupal is also enabled for non-RESTful approaches like GraphQL.

Various contributed modules allow you to add web services to a Drupal installation without the need for writing code. For instance, Developers can use Services module and the RESTful Web Services module to configure a server for enabling the Drupal installation to push or allow data that is to be pulled as needed with the help of REST API. No matter whether the action is push or pull, Drupal is the services layer. Using the content management platform of Drupal, it is possible to add content, user, and permission systems but the information is sent outside the context of Drupal.

Drupal 8 core has out-of-the-box REST API that allows operators to interact with content entities like taxonomy terms, nodes, users, and comments.

How is Drupal moving towards becoming more API-first?

With API-first Initiative at the forefront, Drupal 8.0 was shipped with a built-in REST API which spelt the beginning of Drupal’s transformation as an API-first platform. Since then, subsequent releases in Drupal 8 has introduced remarkable web service API improvement.

Drupal is perpetually moving towards offering a more robust API-first ecosystem.

Significant market trends paved the way for endorsing this strategy which comprised of incorporation of other technology solutions, increase in the adoption of JS frameworks, snowballing of new devices and digital channels among others.

Although Drupal 8 was launched with a basic REST API, Drupal community has been contributing with new REST API features in further releases of Drupal. For instance, Drupal community is working on shipping Drupal modules with web service APIs instead of depending on a central API module in the further releases of Drupal.

With JSON API becoming increasingly common in the JavaScript community, there has been a tremendous work going on for making JSON API Drupal module as part of the core in the upcoming releases.

Also, GraphQL module has been gathering steam in its adoption and is an important component of API-first Drupal. It is also being envisioned to be added in the Drupal core(not formally decided).

OAuth 2.0 module, which is helping developers in building more secure decoupled Drupal architectures, is gaining grounds to be included in the Drupal core.

Not only these, several modules are being developed with API-first approach such as Open API, Lightning API, Consumers, etc. Drupal is perpetually moving towards offering a more robust API-first ecosystem.


Contenta, Drupal distribution, is a great example of incredible strides that Drupal has made in its pursuit of becoming more API-first. Contenta helps in offering modern API capabilities out-of-the-box with JSON API. It can feed content the JS-driven websites, mobile applications, TV and even mythical fridge application.

Whether it is single application development or multi-channel publishing, Contenta has it all to be a Create Once, Publish Everywhere CMS.

Reservoir, a minimalist distribution for decoupling Drupal, is doing great rounds. Being a flexible and simple tool for building content repositories for any application, it helps in modelling content, governing content, and interacting with that content through HTTP APIs.

Packed with API-first modules like JSON API module and OpenAPI, helps in accelerating decoupled Drupal implementations.

Drupal and its competitors The biggest advantages that Drupal has over its headless competitors are that it can be:
  • a terrific CMS for content editors to give them control over the presentation of their content.
  • a rich headless CMS to allow developers build large content ecosystems in a single package.

Headless CMSes lag behind in the areas of in-context administration and in-place content editing. They are short of full-fledged editorial experience integrated into their front ends where they serve content. In-context governance and in-place editing are not possible if they do not expose a content editing interface linked to each front end which is why coupling is required.
Another significant focus lies in the display and layout manipulation to for the success of digital marketers. Drupal plays a vital role in controlling the appearance of content in a layout structure. In contrast, headless CMSes are not adept with the display an layout settings. Editorial tools, like in-place editing and in-context governance, that enable this need to be incorporated into the front end.

Moreover, content editors and digital marketers consider the state of published content. Especially for unpublished content, accessing end-to-end preview system is a must-have for editorial workflows. But in headless CMSes, to allow endless preview like setting up a new API endpoint would require developers to skip significant hoops.

These drawbacks can be handled in some use cases where the application requires less editorial interaction and is more developer-focussed. Keeping everything aside, headless CMSes do not have the toolkits for content authors. This is where Drupal sets the standard high.


Don’t jump into any conclusions as these drawbacks does not mean to say that headless is unimportant. Both the headless and traditional way of content management is important which is what Drupal excels at. Drupal is awesome for both content editors and developers alike.

Drupal is awesome for both content editors and developers alike.

API-first Initiative has been an absolute wonder towards advancement of existing and new web services efforts. This has streamlined the use of Drupal as a content service and more optimal for developers. Drupal Community has been constantly working towards the improvement of great developer experience through web services like JSON API and GraphQL and also through tooling to accentuate headless application development similar to the Waterwheel ecosystem.

Drupal is awesome for both content editors and developers alike. In spite of this, there are some limitations. You must adopt a coupled Drupal front end for editing and manipulating the front end without having to involve a developer thereby focussing on editor or assembler experience. Also, if you do not need the involvement of editors, Drupal can still be relevant.

Adding decoupled applications and keeping Drupal as a coupled website is a huge advantage. Such an architecture where it is simultaneously coupled and decoupled make it a great platform for both content editors and application developers. That means, your content repository should be public-facing website with an astounding set of editorial capabilities and also a centralised point for collection of applications which makes it developer-friendly.

With Drupal perpetually powering more and more websites, it is also being extracted to its  full potential in order to serve content to other backend systems, native applications, single page applications, and even conversational interfaces simultaneously.

Digital transformation stories

API-first Drupal can work wonders for so many industries. Let’s go through some success stories.

Powers a swarm of devices

Let’s look at how API-first Drupal can power presentation devices on a major cruise line. Cruise ships look forward to make the experience of their passengers as best as possible. Passengers get to know the information about events, security and locations on the ship through daily newsletters.

For Princess Cruises, a major cruise line, the choice of digitising this newsletter was a perfect option for improving guest experience. It was using Drupal for its shipboard intranet due to its flexibility, dependability and an engaging open source community. Their IT team was already adept with Drupal. So, Drupal was an obvious choice for developing a newsletter app.


The daily newsletter was built as a full-fledged onboard passenger application that was customised for the interests of passengers. They could find event details, information on ports visited, current weather, menus, and stateroom account details. The application altered the ways passengers tried to find information on the ship thereby providing unique experience for the passengers.

Moreover, they realised that, with Drupal as services layer, they could do more with it as they did for the smartphone app. They used Drupal to power free video-on-demand service as well as digital signage sending content to hundreds of screens around the ship. The company implemented the system on other ships too and could deploy within a month’s time. With the response of passengers exceeding the expectations, they rolled it out half the fleet.

Progressively Decoupled Drupal

Weather.com needed a digital ecosystem to cope with unpredictability. Before the company moved to Drupal, its digital properties were relying on hundreds of origins servers powered by different data servers. They wanted a progressively decoupled Drupal and to architect a new Presentation Framework to produce interactive experiences on a page rendered by Drupal.


Considerations revolved around accommodating diverse performance and caching requirements. On an average page,  there are several caching and time load needs across each of the content sections. With a strategy involving a progressively decoupled Drupal, the weather channel built a new presentation framework breaking pages into different sections. Each of the sections, as referred to as a component, lived in its own subdirectory. The metadata about component was declared by a JSON file to the Drupal.

These directories were ingested into panel panes by Drupal. These panes were exportable and reusable and could be developed by the frontend developers without much engagement from the backend. The weather channel, with progressively decoupled Drupal, could specify regional content, pushed uniform content, and personalised content that were not cacheable and needed to be rendered on the client side.

Hence, progressively decoupled Drupal strategy allowed the large weather company to address the diverse technical requirements and needs of their sites. JavaScript developers were able to keep working on JS and editorial teams focussed on creating pages without the need of extensive development involvement.

Conclusion

With Drupal as a services layer is a practice that fast approaching towards maturity and enabling unthinkable digital ecosystems. While there are diverse set of applications of API-first architectures, moving towards an API-first solution may seem intimidating. At Opensense Labs, we can assist you to tie the knot tightly and connect you with the Drupal experts who have years of experience in Drupal development.

Drupal is a very complete system that can handle almost anything you need done. Have a conversation with our panel of experts at hello@opensenselabs.com to make your vision of digital experience come true.

blog banner blog image API-first Drupal API-first approach API-first design API-first Decoupled Drupal Headless Drupal Progressively decoupled Drupal Drupal community Drupal module Drupal 8 Drupal Contenta CMS Contenta Reservoir distribution Blog Type Articles Is it a good read ? On

Agiledrop.com Blog: AGILEDROP: Josef Dabernig: Drupal not just a software, but an ecosystem

2 months 1 week ago
Agiledrop is highlighting active Drupal community members through a series of interviews. Learn who are the people behind Drupal projects.  This week we talked with Josef Dabernig. Read about his move to Switzerland, why he believes Drupal in a role model for other Open Sources, what his master thesis is about and his extreme Tour De DrupAlps.   1. Please tell us a little about yourself. How do you participate in the Drupal community and what do you do professionally? Hi, I'm Josef, I'm an active Drupal community member since 2007. I grew up in Vienna where I studied computer science and… READ MORE

Chocolate Lily: Managing Shared Configuration Part 1: Configuration Providers

2 months 1 week ago

At the Drutopia project, one of our big focuses has been improvements to configuration management in Drupal 8. In this series, I'll be covering our work to date along with related efforts and contributions.

Drutopia is a platform cooperative initiative, building out cooperatively owned and hosted Drupal distributions. In our 2016 white paper, we recognized that the Configuration Management Initiative (CMI) in Drupal 8 "produced a lot of improvements in configuration handling" while noting that these "mainly addressed the use case of 'staging' configuration from one version of a site to another, a site-building technique that lower budget sites often don’t have time or money for." We committed to focus on "the free software use case left out of Drupal core: reusable configuration that can be shared across multiple sites". For background, see Drupal 8 configuration management: what about small sites and distributions? and sections on Drupal 8, corporate influence, and the CMI in this interview.

There's a current initiative to improve configuration management in Drupal core. Dubbed "CMI 2.0", the effort comes out of a similar conclusion that limitations and missing use cases in configuration management are a major barrier to Drupal 8 adoption; see Angie Byron's post proposing the initiative.

In the past three years, we at Drutopia have contributed to a growing collection of Drupal plugins that together address some of the tricky problems involved in managing shared configuration. As well as in kind contributions by Chocolate Lily, some of our work was sponsored by Agaric and the National Institute for Children's Health Quality (NICHQ) to meet their needs for an in-house platform of community sites.

Just what do we mean by managing shared configuration?

Say I have a site built on a Drupal distribution that's for community organizing. I installed the site a month ago and got groups-related configuration such as a group type. Then I made some modifications of my own. I've just downloaded a new release of the distribution, including enhancements to the groups-related configuration. How can I update my site so that I have all the latest changes from the distribution--while still retaining any customizations I made? That's the key question we've tried to tackle.

A more abstract way of putting the problem is: how can we provide packages of shared configuration in a way that lets site administrators both customize their sites and merge in configuration updates?

This series will cover distinct aspects of the problem of managing shared configuration packages and, along the way, highlight specific solutions we at Drutopia have sketched in. Our efforts are very much works in progress. We're not sure we've even got all the problems right, let alone fully addressed them ;) But have we made progress? Yes, we have. By sharing it here, we hope to raise the profile of these problems and solutions and invite further perspectives and contributions.

Checked
2 weeks 3 days ago
Drupal.org - aggregated feeds in category Planet Drupal
Subscribe to Drupal Planet feed