So I'm making a small #Drupal-side API to let javascript #tests interact with a Drupal site.

I want to keep this as lightweight as possible, and rely on as few dependencies as possible. No JSON:API or JWT-related modules involved at the moment.

The JS calls are adding a custom HTTP header with a "secret" token, and my API routes ensure that token is present.

But anyone who sniffs web traffic can pick up that secret token, no?

I feel like I'm missing something fundamental here. Thoughts?

Hey #Drupal 8 #D8 #Composer friends, I'm having a weird composer issue:

Admin pages suddenly crash, seemingly out of the blue:

```
UnexpectedValueException: Invalid version string "main" in Composer\Semver\VersionParser->normalize()
```

It seems like Drupal is trying to see if there are core updates (>= 8.9.20), and then receives a "main" version identifier that composer can't deal with?

Possibly related to the new "main" branching scheme in D11 pushed 2 hours ago?

Cheers to whomever we have to thank for #Drupal's incredibly useful #Twig #Debug Mode:

➡️ https://www.drupal.org/docs/develop/theming-drupal/twig-in-drupal/debugging-twig-templates

- Enables debug printing inside templates with `{{ debug(your_variable) }}`.
- Adds template naming hints to html output.
- Lets you avoid having to clear the cache after every Twig template change.

💙

At this point, the terribly confusingly named product "Drupal CMS" should be renamed to "Drupal AiCMS" or "Drupal AI/XP" or something.

Placate marketeers, warn potential users, and further distance the infernal contraption from Drupal Core in one fell swoop.

- Why aren't we receiving any applications?
- No sé.

---

"¿Cómo Aplicar?

Si cumples con los requisitos y te interesa formar parte de nuestro equipo, envía tu CV actualizado a [******] con el asunto "Desarrollador Drupal 10 - Remoto".

¡Esperamos tu candidatura!"

---