Prismic live preview, how to stop people viewing the page on production

Hello all,

We've recently integrated the support for live editing, and while I think it's a great feature, I'm not crazy about having the /slice-simulator route accessible on production.

It seems like this currently has to be possible in order for the live preview to work though.

Are there any ways around this which will allow the live previews to work, but not allow our customers to visit this page?

Off the top of my head I can think of a few:

  • giving some obscure name to the route to make it harder to guess (still accessible)
  • passing a query string with a "key", via the URL set in the CMS for the live preview URL, verified on the "page" (don't want to spend too much time looking into whether this will work)
  • some kind of checking of where the request comes from (again don't want to spend a lot of time looking into this)
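The query-string "key" idea from the list above, as an added example that is not part of the original thread and not Prismic's or the linked PR's code: a server-side gate that serves the simulator route only when the URL carries the configured secret. The function names, the `secret` parameter name and the 16-character minimum are assumptions made for the example.

```javascript
// Added example: hypothetical gate for a /slice-simulator-style route.
// checkSimulatorAccess and the "secret" parameter are assumed names.
// No imports, so it also runs where Node built-ins are unavailable.

// Compare without returning early on the first differing byte, so
// response timing does not reveal how much of a guess was correct.
function constantTimeEqual(a, b) {
  const enc = new TextEncoder();
  const x = enc.encode(a);
  const y = enc.encode(b);
  let diff = x.length ^ y.length;
  const n = Math.max(x.length, y.length);
  for (let i = 0; i < n; i++) {
    diff |= (x[i] ?? 0) ^ (y[i] ?? 0);
  }
  return diff === 0;
}

// Returns the HTTP status the route handler should answer with.
// 404 (not 401/403) is a design choice: the route does not advertise itself.
function checkSimulatorAccess(requestUrl, expectedSecret) {
  const url = new URL(requestUrl, "https://placeholder.invalid");
  const path = url.pathname.replace(/\/+$/, ""); // treat "/x/" like "/x"
  if (path !== "/slice-simulator") return 200;   // other routes are not gated

  // Fail closed: a missing or short secret disables the route entirely.
  if (typeof expectedSecret !== "string" || expectedSecret.length < 16) {
    return 404;
  }
  // Reject absent or repeated parameters instead of picking one.
  const supplied = url.searchParams.getAll("secret");
  if (supplied.length !== 1) return 404;

  return constantTimeEqual(supplied[0], expectedSecret) ? 200 : 404;
}
```

A secret carried in a URL ends up in access logs and browser history, so it should be a long random value that is stored outside the repository and rotated when people leave the team.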

Hi Paul,

Talk about timing. @angeloashmore opened a PR that adds support for a more secure Next.js /slice-simulator route: feat(adapter-next): support secret in /slice-simulator route.

Let me know if you have any questions.

Thanks.


Thanks @Phil, that looks like what we needed! Any ideas when this will be merged?

No ETA right now, but it shouldn't be long, keep an eye on the PR 🙂