Yesterday we implemented the new sandboxing restrictions, but we have decided to revert the update to give app developers more time to test their apps against the new restrictions.

As of now, the five original directives will remain the same. If your app requires a popup, please check out the new SDK method that allows you to open links in a new tab.

Please test your app in the sandboxed environment to ensure that you don’t have any issues when the new restrictions are implemented. If you do, please reach out to us as soon as possible to identify a possible workaround.

We will update you shortly on any changes to the restrictions, including the new release date, in the changelog and in the community.

Part 2 of sandboxing for all iframes will now be implemented on July 5th, 2023 to give developers more time to test their apps against the new restrictions. Please note that the original directives will remain the same:

• allow-forms: Allows the page to submit forms. The form will be displayed as normal, but submitting it will not trigger input validation, sending data to a web server, or closing a dialog if this keyword is not used.
• allow-downloads: Allows downloading files through an <a> or <area> element with the download attribute and through the navigation that leads to a file download. This works regardless of whether the user clicked on the link or JS code initiated it without user interaction.
• allow-presentation: Allows embedders to have control over whether an iframe can start a presentation session.
• allow-same-origin: The resource is treated as being from a special origin that always fails the same-origin policy (potentially preventing access to data storage/cookies and some JavaScript APIs) if this token is not used.
• allow-scripts: Allows the page to run scripts (but not create pop-up windows). This operation is not allowed if this keyword is not used.

If you need to open a link in a new tab, you can use the new monday.execute("openLinkInTab") method.

We recommend testing your app in the sandboxed environment with the new restrictions to ensure nothing breaks. You can do so by adding the _apps_sandbox=v2 query param to a monday URL. If something breaks and there’s no workaround, please complete a support request so we can find a resolution.

We recently added the country field which will return an app installer's country for uninstall and install webhooks. This will replace the Active installs over time map on the Analytics tab.

Our new SDK method allows view apps to open a link in a new tab. This is particularly useful for apps impacted by the upcoming sandboxing initiatives.

You can find more information about the method, its parameters, and a code sample in our SDK documentation.

Marketplace app builders - this one is for you! If your app uses our native monetization, you can now make changes to your plans and prices using pricing versioning. All you need to do is:

1. Choose the new version ID.
2. Define your new plans and prices.
3. Complete the new plans and pricing form.

Check out our pricing versioning guide for more information!

We recently deployed a bug fix so the change_column_value webhook fires whenever column values in new columns on the relevant board change.

Before, the webhook would only fire after registering a second change_column_value webhook on the same board.

You can find more information about webhooks in our documentation!

We released a new version of monday vibe (our react components library). It has some breaking changes for some of you. Check out v2.0.0 on npm here.

Potential breaking change: This new version uses CSS modules, so any code that tries to override the styles from the library will not work correctly.

If you’re not overriding the CSS, it should be a seamless upgrade. I recommend upgrading as soon as yopu can so that new components we release will work as expected.

And if you’re not using Vibe yet, we suggest you do Check out the docs here: monday vibe

Drop a note in our community if you're having any trouble with the upgrade!

We recently added three new query parameters for custom URLs that allow you to direct users to the plan and pricing, billing, and how to use screens inside your app! Check out our documentation to learn more about each query parameter and how to create the URLs.

We recently added four new webhooks for apps that are monetized by monday:

• app_subscription_cancelled: sent when a subscription is canceled
• app_subscription_cancellation_revoked_by_user: sent when a user undoes their subscription cancellation
• app_trial_subscription_started: sent when a trial subscription starts
• app_trial_subscription_ended: sent when a trial subscription ends

We also added two new fields to our webhooks that return the account_name and account_slug. You can read more about each webhook and see sample payloads in our documentation!

If your app has a workspace template feature, users from all regions can now access it!

Before, EU accounts could not access the workspace template feature of an app if it was in an account on a US server. With this update, EU accounts can now access all workspace template app features!

This change is effective immediately, but please note that you must release a new minor version of your app and promote it to live before users see the impact!