Our Visual Editing feature is live! 🎉 Learn more
Directus Logo
  • Use Cases and Features
    • Headless CMS
      Manage and deliver content with ease
    • Backend-as-a-Service
      Build and ship applications faster
    • Headless Commerce
      A single source of truth for products
    • 100+ More Use Cases
      Build anything (or everything)
    • Instant APIs
      Connect a database, get REST + GraphQL APIs
    • Granular Policy-Based Auth
      Provide secure, autonomous data access
    • Visual Automation Builder
      Automate content and data workflows with ease
    • 50+ More Features
      Get everything you need out-of-the-box
    Project Showcase
    Built With Directus

    Built With Directus

    See what everyone's been building with Directus

  • Learn More
    • Blog
      Read our latest articles and guides
    • Case Studies
      Case studies and success stories
    • Community
      Join our 13k member Discord community.
    • Agency Directory
      Browse our list of agency partners
    • About Us
      Learn more about Directus and the team
    • Wall of Love
      See what others are saying about us
    • Contact
      Have a general inquiry or question for us?
    • Support
      Reach out to Directus support
    Watch Directus TV
    Directus TV
    Video

    Directus TV

    Go down the rabbit hole with hours of original video content from our team.

  • Developers
  • Enterprise
  • Pricing
Chat With UsGet Started Free
GitHub logo30,287
Back
news
Friday, October 27, 2023

Announcing the Directus Secure Extensions Framework

Learn about our new sandbox for extensions which emphasize control and security.
Announcing the Directus Secure Extensions Framework

Designing a marketplace with user-contributed content is no small feat. On top of security, consistency, and tooling, it's super important for us to be confident that the way we ask you to build extensions will stay the same for many Directus versions to come. 

Over the last year, we've laid lots of groundwork towards this goal - the Directus Extensions SDK which helps scaffold and build extensions, being able to install extensions via npm or external storage locations, a robust and flexible metadata structure, and several other changes to help you build great extensions and ensure we can run them reliably. 

Right now, we really leave it to Directus project admins to understand the security implications of installed extensions. Given that Directus touches your database and asset storage, we know there's a need to do better, especially in a future where users installing extensions may not also be managing infrastructure. 

Today, we're announcing what we believe is the last part of the foundational work required to build a marketplace - the Secure Extensions Framework. Secure Extensions will be aggressively sandboxed, with permissions needing to be requested before many actions are taken, including external web requests and database operations. 

Existing extensions not using the Secure Extensions Framework will continue to work in Directus 10.7 and beyond, but we encourage all extensions developers to adopt it as we continue work on the Directus Marketplace. 

Check out our documentation to learn more about secure extensions and, as always, if you have questions feel free to join our Discord community. 

Posted By

Esther Agbaje

Esther Agbaje

Education

Share

LinkedIn LogoTwitter LogoReddit LogoDev.to Logo

Sign up for updates 🐇

Get insights, releases, and exciting news delivered directly to your inbox once a month. No spam - we promise. 🙂

  • Directus LogoDirectus Logo

    A composable backend to build your Headless CMS, BaaS, and more. 

  • Solutions
    • Headless CMS
    • Backend-as-a-Service
    • Product Information
    • 100+ Things to Build
  • Resources
    • Documentation
    • Guides
    • Community
    • Release Notes
  • Support
    • Issue Tracker
    • Feature Requests
    • Community Chat
    • Cloud Dashboard
  • Organization
    • About
    • Careers
    • Brand Assets
    • Contact
©2025 Monospace Inc
  • Cloud Policies
  • License
  • Terms
  • Privacy