Crafter Engine provides content delivery services to power any type of Web or mobile application. It consumes content published through Crafter Studio and provides developers with the foundation for quickly building high-performance, flexible Web and mobile applications.
Building content rich applications backed by CrafterCMS requires you use one of the following APIs to gain access to your content. You have many choices here:
- GraphQL (great for SPAs and/or AJAX)
- REST API (great for SPAs and/or AJAX)
- FreeMarker (great for HTML with server-side HTML production)
- Groovy (great for business logic with access to content or configuration/parameterization)
- Java (for embedding your business logic/app within Crafter Engine)
Scripts and Templates Security
Crafter Engine limits access to services when developing templates or scripts, and sandboxes scripts for security by default.
Crafter Engine only allows a small list of services available to use when developing templates or scripts. There are some sites that may require services not included by default.
To expose other services, follow the guide Access to Services
Scripts are executed in a sandbox that has a blacklist of insecure expressions to prevent code that could compromise the system. There are some cases though where a site requires access to one or more of the blacklisted expressions.
To override the default script sandbox configuration, follow the guide Script Sandbox Configuration
Crafter Engine Architecture
Crafter Engine’s source code is managed in GitHub: https://github.com/craftercms/engine