github/directus
1
1
Fork 0
mirror of https://github.com/directus/directus.git synced 2026-04-25 03:00:53 -04:00
Code Issues Packages Projects Releases Wiki Activity
Files
7d2a1392f43613094de700062aba168a9400dd3b
directus/docs/extensions/sandbox/introduction.md

2.2 KiB
Raw Blame History

description, contributors
description contributors
Learn about the Directus Sandboxed Extensions Framework to isolate and build trust in your extensions. Nils Twelker, Kevin Lewis, Esther Agbaje

Sandboxed Extensions

The Sandboxed Extensions Framework is designed to provide robust security to your data and maintain strict control over interactions with the external environment by running extension code in an isolated sandbox. The main purpose of this sandbox is to allow configurations that limit how extensions access your information and communicate externally.

The Sandboxed Extensions Framework is available for API and Hybrid Extensions.

Understanding the Sandbox

The sandbox is a secure environment to evaluate and execute extensions. The environment is given capabilities via virtual functions exposed through the directus:api module. Each function that's called through this isolate is checked against the extension's configured permissions, making sure extensions aren't able to access any private data without explicit consent.

Isolates only have access to JavaScript standard built-in objects. This means that common runtime functions such as console and setTimeout are not available.

Creating Sandboxed Extensions

To mark your extension to use the sandbox, add the sandbox configuration to your extension's package.json file, and set enabled to true as follows:

"directus:extension": {
	"type": "endpoint",
	"path": "dist/index.js",
	"source": "src/index.js",
	"host": "^10.7.0",
	"sandbox": {
		"enabled": true,
		"requestedScopes": {}
	}
}

Registering Extensions

While the way individual extensions are instantiated is very similar to non-sandboxed extensions, there's some subtle differences to be aware of given the difference of runtime. Please refer to Registering Extensions for examples for each extension type.

Permissions & Execution Types

The requestedScopes object controls what function scopes your extension requests to use, and what permissions your extension needs for each of those scopes. Please refer to Sandbox SDK for a reference of all supported scopes.

Reference in New Issue View Git Blame Copy Permalink