roadsterworks/craft-content-diff

Compare entry content between environments (local, staging, production) from the Craft Control Panel.

Maintainers

Package info

github.com/harry2909/craft-content-diff

Type:craft-plugin

pkg:composer/roadsterworks/craft-content-diff

Statistics

Installs: 17

Dependents: 0

Suggesters: 0

Stars: 0

Open Issues: 0

Security

Advisories: 0

Aikido package health analysis

v1.0.10 2026-03-01 00:03 UTC

Requires

Requires (Dev)

proprietary d3123e10b40b082da43e80086c05a13c8977614d

This package is auto-updated.

Last update: 2026-03-29 00:09:56 UTC

README

Content Diff dashboard Content Diff settings

Compare entry content between Craft CMS environments (local, staging, production). View created, deleted, and updated entries with field-level diffs, including Matrix and nested blocks.

Requirements

  • Craft CMS 5.0.0 or later
  • PHP 8.2 or later

Installation

composer require roadsterworks/craft-content-diff
./craft plugin/install craft-content-diff

Configuration

Configure in Control Panel → Content Diff → Settings. Use the same API key and (where relevant) env vars on every environment (local, staging, production) so the diff endpoint and dashboard work correctly.

Setting Required Notes
API key Yes Secret for the diff endpoint. Generate in Settings or set a literal / env alias (e.g. $CRAFT_CONTENT_DIFF_API_KEY). Same value on all envs.
Production URL Yes (for staging/dev) Base URL of production (e.g. https://example.com). Literal or env alias.
Staging URL Yes (for production/dev) Base URL of staging. Literal or env alias.
HTTP Basic auth No If staging or production is behind server-level HTTP Basic auth, set username and password (literals or env aliases). Leave blank on an environment that does not use HTTP auth; you do not need to set empty env vars.

Env aliases (e.g. $CRAFT_CONTENT_DIFF_API_KEY) are resolved at runtime using Craft’s App::env().

Set ENVIRONMENT (or CRAFT_ENVIRONMENT) to dev, staging, or production so the dashboard shows the right compare targets.

Cloudflare (or similar WAF)

Compare uses server-to-server requests (no browser, no cookies). If production or staging is behind Cloudflare (or another WAF), it may block or challenge those requests and the compare will fail with a connection or invalid-response error.

Fix — step by step in Cloudflare:

  1. Go to SecurityWAFCustom rules (or SecurityConfigurationWAF Custom rules).
  2. Click Create rule (or Add rule).
  3. Rule name: e.g. Allow Content Diff endpoint.
  4. Field / When: Build an expression:
    • Choose Field: URI Path (under “Request”).
    • Operator: equals (or contains).
    • Value: /actions/craft-content-diff/diff (for equals) or craft-content-diff/diff (for contains).
      Do not use the full URL (no https:// or domain).
  5. (Optional) Click Add condition (or And): Request HeaderName X-Content-Diff-TokenOperator “is present” or “exists”, so only requests that send the API key are allowed.
  6. Action: Choose SkipSkip all remaining custom rules, or Allow. (“Skip” only skips WAF custom rules; if the request is still blocked, try Allow or check SecurityEvents to see which product blocked it.)
  7. Deploy / Save.

If it still fails, open SecurityEvents, trigger a compare, find the request to craft-content-diff/diff, and check the Action and Reason (e.g. Bot Fight Mode, Security Level). Add an exception for that path or lower the security level for that URI if needed.

Licence

Proprietary (Craft License). See LICENSE.md.