Contao news

Read the official Contao announcements.

Recap of the first Contao Core Developers Meeting 2024

by Yanick Witschi – Current issues

Every year, the Contao Core development team meets twice for a short code sprint of three days. Like the last two meetings, we met in Freudenstadt in the beautiful Black Forest. Obligatory note: The developer meetings are crucial for the further development of Contao and therefore, as always, I call attention to the fact that the Contao Association funds these meetings. As Supporter you can do your part.

Starting point

The last meeting focused on Contao 5.3 LTS. As always with a new LTS version, the meetings and the time before the release are quite exhausting. There are always things that we really want to get into the LTS version. This time, these included various stability improvements, performance enhancements, but also new features that further improve the security of Contao, such as the brand new Content Security Policy framework.

Contao 5.3 LTS has now been released, but of course this is not the end of the story. Here, too, the story repeats itself with every LTS version: the demand is much greater than for other versions and so there are significantly more bug reports that we have to deal with. Accordingly, this first meeting after the release is also a good opportunity to take care of these bug fixes.

Security vulnerabilities

In addition to regular bug fixes, we have also received two reports of security vulnerabilities in the past two weeks. We also found three more during the meeting. All five security vulnerabilities were not exactly easy to fix and required consultation within the core team. Here, too, the developer meeting came at just the right time. Click here for the announcement of the security releases.

The logical consequence of this was that this time we invested significantly more time in bug fixes and the elimination of security vulnerabilities and less in features for future versions than was the case at previous meetings. I, for example, spent half the meeting fixing a security issue.

But that's the way it is - security and stability come first with Contao.

Future UX improvements

But now let's move on to the nicer stories. At the last meeting, we already started to make some UX improvements to the back end. We are now continuing on this path. Before Contao 5.3 LTS, wrapper content elements were the usual way to nest content elements. This worked for years, but was obviously not the best solution in terms of UX. Thanks to the new nested content elements, we can now put a problem to rest. However, with the newly enabled nesting, we have opened the Pandora's box of nested navigation levels. The breadcrumb in the back end is simply not up to the task, making it virtually impossible for users to know in which page context or within which nested content element they are currently working. Martin took on this problem and tried to centralize logic that was located in various corners of Contao and bundle it into one service. This would give us the opportunity to generate breadcrumbs more consistently and reliably and guide users better through the back end.

We would also like a bit more of an app feeling in the back end. Less entire page reloads, more dynamic reloading of content, more drag n' drop etc. We have decided on using Turbo (Hotwire Stack) as our tool of choice for that task for some time now. However, there have always been other construction sites that needed to be completed first. During this meeting, Moritz finally found some time to prototype a basis for the global integration of Turbo in the Contao back end. With the remaining pile of legacy MooTools scripting this is a...well, let's call it a challenge :-)

At this point I would like to make a small appeal: Whoever feels capable of replacing old MooTools functions in the back end with reusable Stimulus controllers (there are already a few examples in the Core) is very welcome to help!

Migration of the remaining permissions

Andy has migrated about 80% of our permissions over the last Contao versions to the new permission system that we have introduced in Contao 5.0. After this meeting we should now be at 90%. So the migration is almost complete! 100% is the prerequisite for being able to play with the API idea at all - an API that works around our permission system would not be particularly effective.

Passkeys / FIDO2

We had already dealt with Passkeys during the last meeting. Fritz picked up on this thread and worked on a proof of concept. At the end of the meeting, he was already able to show us a roughly executable version in which a back end user could manage their own Passkeys and authenticate using them. The next step will certainly be to further refine the PoC and make it ready as a first version for the Core. After that, integration in the front end for front end members will certainly also become an task to be worked on.

Twig slots

As far as the front end is concerned, the migration of fe_page.html5 to a Twig template is still pending. Of course, not just rewriting the template - that would already be possible today. Here we are talking about a new concept of page layouts and how articles and modules are assigned to the various sections. Moritz has laid further foundations here and finalized the concept of twig slots. In future, it will be possible to define slots in Twig templates and then read them out by the system.

{# @Contao/foo.html.twig #}
<div class="wrapper">
  {# simple usage #}
  {% slot main %}{% endslot %}

  {# usage with placeholders #}
  {% slot left %}
      <aside>{{ slot() }}</aside>
  {% endslot %}
  
  {# using optional fallback values #}
  {% slot footer %}
      <aside>{{ slot() }}</aside>
  {% else %}
      <!-- there is no footer -->
  {% endslot %}
</div>

We can then read out main, left and footer from the template. So we would no longer have arbitrarily defined "custom sections", but articles and modules could only be assigned to "slots" that actually exist in the template. One less source of error. Cool, isn't it?

Miscellaneous

We are also still pursuing various projects. We are very interested in the Neos Content Repository, which could be a possible partial solution for our missing central data storage logic. There is a bit of prototyping on my part.

Leo would like to improve the loading performance of larger list/tree views and is toying with the idea of switching back to an icon set. He has also spent a lot of time converting ancient concepts such as the global $objPage or $GLOBALS['objPage'] to their modern alternative (in this case the PageFinder service).

Dave is working on finally being able to index protected pages on the command line and has fixed various compatibility bugs with newer Symfony versions.

Together with Fritz, I improved the supervision of our background workers and added Windows support.

That's all folks! Don't forget the Contao Camp on April 20 & 21 in Essen and stay healthy!

– Yanick

Show all news

Comments

Add a comment

Please add 8 and 7.