Enable Enhanced Security: the secret attribute for shortcodes

In GravityView 2.21, Views include a new option to “Enable Enhanced Security” that forces the use of a secret  attribute on shortcodes. The “secret” is a type of password that prevents unauthorized users from guessing the View ID and accessing potentially-sensitive data. Read more about that.

Screenshot showing the Enable Enhanced Security setting checked inside the Permissions tab of the View Settings metabox.

Blocks are also updated to include the secret  when necessary.

This setting will be auto-enabled for new Views, but will need to be enabled manually for existing Views. You can choose to enable enhanced security by editing a View, going to the View’s Permissions settings, checking the “Enable Enhanced Security” checkbox, and saving the View.

When this setting is enabled, all shortcode instances of [gvfield] and [gventry] based on a View with this setting enabled will also require the secret attribute.

The secret attribute is automatically generated and unique to each View.

If this setting is enabled and the embedded View doesn't contain the secret attribute in the shortcode, the View won't show up and this message will appear instead on the page (only visible to Administrators):

The secret will be automatically generated for each View and can be copied from the Publish meta box inside the View editor:

Animated GIF showing the embed shortcode section inside the Publish metabox containing the secret attribute already filled with a random string.

It can also be found on the Shortcode column inside the All Views page for Views where this setting is enabled:

Screenshot showing the shortcode column on the All Views page

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.

Still need help? Contact Us Contact Us