Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
strapi-plugin-sitemap
Advanced tools
rel="alternate"
with @strapi/plugin-i18n
)Install the plugin in your Strapi project.
# using yarn
yarn add strapi-plugin-sitemap
# using npm
npm install strapi-plugin-sitemap --save
After successful installation you have to rebuild the admin UI so it'll include this plugin. To rebuild and restart Strapi run:
# using yarn
yarn build
yarn develop
# using npm
npm run build
npm run develop
The Sitemap plugin should now appear in the Settings section of your Strapi app.
Enjoy 🎉
Complete installation requirements are the exact same as for Strapi itself and can be found in the Strapi documentation.
Supported Strapi versions:
strapi-plugin-sitemap@^3
)strapi-plugin-sitemap@^2
)(This plugin may work with older Strapi versions, but these are not tested nor officially supported.)
We recommend always using the latest version of Strapi to start your new projects.
With this plugin you have full control over which URLs you add to your sitemap XML. Go to the admin section of the plugin and start adding URLs. Here you will find that there are two ways to add URLs to the sitemap. With URL bundles and Custom URLs.
A URL bundle is a set of URLs grouped by type. When adding a URL bundle to the sitemap you can define a URL pattern which will be used to generate all URLs in this bundle. (Read more about URL patterns below)
URLs coming from a URL bundle will get the following XML attributes:
<loc>
<lastmod>
<priority>
<changefreq>
A custom URL is meant to add URLs to the sitemap which are not managed in Strapi. It might be that you have custom route like /account
that is hardcoded in your front-end. If you'd want to add such a route (URL) to the sitemap you can add it as a custom URL.
Custom URLs will get the following XML attributes:
<loc>
<priority>
<changefreq>
To create dynamic URLs this plugin uses URL patterns. A URL pattern is used when adding URL bundles to the sitemap and has the following format:
/pages/[category.slug]/[my-uid-field]
Fields can be injected in the pattern by escaping them with []
.
Also relations can be queried in the pattern like so: [relation.fieldname]
.
The following field types are by default allowed in a pattern:
id
uid
Allowed field types can be altered with the allowedFields
config. Read more about it below.
When adding a URL bundle of a type which has localizations enabled you will be presented with a language dropdown in the settings form. You can now set a different URL pattern for each language.
For each localization of a page the <url>
in the sitemap XML will get an extra attribute:
<xhtml:link rel="alternate">
This implementation is based on Google's guidelines on localized sitemaps.
To make sure search engines are able to find the sitemap XML create a robots.txt
file in the front-end of your website and add the following line:
Sitemap: https://your-strapi-domain.com/api/sitemap/index.xml
Read more about the robots.txt
file here.
This plugin comes with it's own strapi-sitemap
CLI.
You can add it to your project like so:
"scripts": {
// ...
"sitemap": "strapi-sitemap"
},
You can now run the generate
command like so:
# using yarn
yarn sitemap generate
# using npm
npm run sitemap generate
Settings can be changed in the admin section of the plugin. In the last tab (Settings) you will find the settings as described below.
The hostname is the URL of your website. It will be used as the base URL of all URLs added to the sitemap XML. It is required to generate the XML file.
hostname
required:
YES |type:
string |default:
''
If you are using this plugin in a multilingual Strapi project you will be presented with a 'Hostname overrides' setting. With this setting you can set a specific hostname per language.
This is handy for when you have a URL structure like this:
hostname_overrides
required:
NO |type:
object |default:
{}
When using the draft/publish functionality in Strapi this setting will make sure that all draft pages are excluded from the sitemap. If you want to have the draft pages in the sitemap anyways you can disable this setting.
excludeDrafts
required:
NO |type:
bool |default:
true
This setting will add a default /
entry to the sitemap XML when none is present. The /
entry corresponds to the homepage of your website.
includeHomepage
required:
NO |type:
bool |default:
true
Config can be changed in the config/plugins.js
file in your Strapi project.
You can overwrite the config like so:
module.exports = ({ env }) => ({
// ...
'sitemap': {
enabled: true,
config: {
cron: '0 0 0 * * *',
limit: 45000,
xsl: true,
autoGenerate: false,
caching: true,
allowedFields: ['id', 'uid'],
excludedTypes: [],
},
},
});
To make sure the sitemap stays up-to-date this plugin will automatically schedule a cron job that generates the sitemap for you. That cron job is configured to run once a day at 00:00.
If you want to change the cron interval you can alter the cron
setting.
cron
required:
NO |type:
bool |default:
0 0 0 * * *
When creating large sitemaps (50.000+ URLs) you might want to split the sitemap in to chunks that you bring together in a sitemap index.
The limit is there to specify the maximum amount of URL a single sitemap may hold. If you try to add more URLs to a single sitemap.xml it will automatically be split up in to chunks which are brought together in a single sitemap index.
limit
required:
NO |type:
int |default:
45000
This plugin ships with some XSL files to make your sitemaps human readable. It adds some styling and does some reordering of the links.
These changes are by no means a requirement for your sitemap to be valid. It is really just there to make your sitemap look pretty.
If you have a large sitemap you might encounter performance issues when accessing the sitemap.xml from the browser. In that case you can disable the XSL to fix these issues.
xsl
required:
NO |type:
bool |default:
true
Alternatively to using cron to regenerate your sitemap, this plugin offers an automatic generation feature that will generate the sitemap through lifecycle methods. On create
, update
and delete
this plugin will do a full sitemap regeneration. This way your sitemap will always be up-to-date when making content changes.
If you have a large sitemap the regeneration becomes an expensive task. Because of that this setting is disabled by default and it is not recommended to enable it for sitemaps with more than 1000 links.
Also the search engines don't even crawl your sitemap that often, so generating it once a day through cron should be suffecient.
autoGenerate
required:
NO |type:
bool |default:
false
This setting works together with the autoGenerate
setting. When enabled a JSON representation of the current sitemap will be stored in the database. Then, whenever the sitemap is being regenerated through lifecycles, the cache will be queried to build the sitemap instead of querying all individual (unchanged) pages.
caching
required:
NO |type:
bool |default:
true
When defining a URL pattern you can populate it with dynamic fields. The fields allowed in the pattern can be manipulated with this setting. Fields can be specified either by type or by name. By default the plugin allows id
and uid
.
If you are missing a key field type of which you think it should be allowed by default please create an issue and explain why it is needed.
allowedFields
required:
NO |type:
array |default:
['id', 'uid']
This setting is just here for mere convenience. When adding a URL bundle to the sitemap you can specify the type for the bundle. This will show all types in Strapi, however some types should never be it's own page in a website and are therefor excluded in this setting.
All types in this array will not be shown as an option when selecting the type of a URL bundle.
excludedTypes
required:
NO |type:
array
Feel free to fork and make a pull request of this plugin. All the input is welcome!
Give a star if this project helped you.
FAQs
Generate a highly customizable sitemap XML in Strapi CMS.
The npm package strapi-plugin-sitemap receives a total of 2,314 weekly downloads. As such, strapi-plugin-sitemap popularity was classified as popular.
We found that strapi-plugin-sitemap demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.