Note
Craft now sends no-cache headers for requests that generate/retrieve a CSRF token. If your Craft install is behind a static caching service like Cloudflare, enable the asyncCsrfInputs config setting to avoid a significant cache hit reduction. (#15293, #15281)
- Craft now sends no-cache headers for any request that calls
craft\web\Request::getCsrfToken(). (#15293, #15281) - Fixed a bug where structures’ Max Levels settings weren’t being enforced when dragging elements with collapsed descendants. (#15310)
- Fixed a bug where
craft\helpers\ElementHelper::isDraft(),isRevision(), andisDraftOrRevision()weren’t returningtrueif a nested draft/revision element was passed in, but the root element was canonical. (#15303) - Fixed a bug where focus could be trapped within slideout sidebars. (#15314)