1.3.11 • Public • Published

Strapi plugin record-locking

This plugin provides the functionality to prevent data loss in cases where multiple users are simultaneously editing the same record within STRAPI v4.

When a user attempts to edit a record that is already being edited, a warning will be displayed.

🙉 What does the plugin do for you?

✅ Safeguards against concurrent editing by restricting access to a record to a single user at a time.

✅ Provides clear visibility of the current editing user, enabling you to easily identify who is working on the record.

🧑‍💻 Installation

1. Install the plugin with your favourite package manager:

npm i @notum-cz/strapi-plugin-record-locking
yarn add @notum-cz/strapi-plugin-record-locking

2. Create or modify file config/plugins.js and include the following code snippet:

module.exports = ({ env }) => ({
 "record-locking": {
    enabled: true,

We use websockets and you can determine the necessary transport yourself:

module.exports = ({ env }) => ({
 "record-locking": {
     enabled: true,
     config: {
         transports: ["websocket"]

If you do not specify a transport, the default parameters will be applied:

DEFAULT_TRANSPORTS: ["polling", "websocket", "webtransport"]

3. Enable websocket support by configuring the Strapi middleware.

In the config/middlewares.js file either replace 'strapi::security' with a middleware object (see the example below) or update your existing configuration accordingly.

  1. Ensure that contentSecurityPolicy.directives.connect-src array includes "ws:" and "wss:".
  2. Rebuild Strapi and test record locking features.
  3. You should not encounter any Content Security Policy errors in the console.
module.exports = [
    name: "strapi::security",
    config: {
      contentSecurityPolicy: {
        useDefaults: true,
        directives: {
          "connect-src": ["'self'", "https:", "ws:", "wss:", "http:"],
          "img-src": [
          "media-src": ["'self'", "data:", "blob:"],
          upgradeInsecureRequests: null,
  'strapi::cors', ...

While optional, it is highly recommended to implement this step to prevent Socket.io from falling back to the HTTP protocol and generating the following error in the web console.
Refused to connect to <protocol>://<url> because it does not appear in the connect-src directive of the Content Security Policy

🛣️ Road map

Are any of these features significant to you? Please show your support by giving a thumbs up on the linked issues. This will help us assess their priority on the roadmap.

🐛 Bugs

We manage bugs through GitHub Issues.
If you're interested in helping us, you would be a rock ⭐.

🧔 Authors

The main star: Martin Čapek https://github.com/martincapek
Developer: Filip Janko https://github.com/fikoun
Maintainer: Ondřej Mikulčík https://github.com/omikulcik
Project owner: Ondřej Janošík

💬 Community

Join our Discord server to discuss new features, implementation challenges or anything related to this plugin.

🚀 Created with passion by Notum Technologies

  • Official STRAPI partner and Czech based custom development agency.
  • We're passionate about sharing our expertise with the open source community, which is why we developed this plugin. 🖤

✔️ We offer valuable assistance in developing custom STRAPI, web, and mobile apps to fulfill your requirements and goals..
✔️ With a track record of 100+ projects, our open communication and exceptional project management skills provide us with the necessary tools to get your project across the finish line.
📅 To initiate a discussion about your Strapi project, feel free to reach out to us via email at sales@notum.cz. We're here to assist you!

🔑 Keywords




Package Sidebar


npm i @notum-cz/strapi-plugin-record-locking

Weekly Downloads






Unpacked Size

23 kB

Total Files


Last publish


  • omikulcik
  • martincapek
  • ondrej.janosik