Slice Preview & password protection

Hi,

The live preview works well with my localhost. Once hosted on Vercel with Password protection & Protection Bypass for automation, i get an error. I tried to set my live preview to [my domain]/slice-simulator?x-vercel-protection-bypass=[my token] but i get a 401 error.

For example : /_next/static/chunks/b2d34475c0f3dc7d.js?dpl=dpl_7Y4N1Nnq1cctqoLCK873tPeF7fju net::ERR_ABORTED 401 (Unauthorized)

slice-simulator:1

I used the same way to enable a Webhook and it works fine so it’s not a token issue or wrong configuration on Vercel i think.

Any idea ?

Thanks

Hey @thomas.ogier, welcome to the community

What’s happening is consistent with how Vercel Deployment Protection bypass works in a browser:

• Your first request to /slice-simulator?... includes x-vercel-protection-bypass=..., so that one request can be authorized.
• But then the page loads a bunch of assets like /_next/static/chunks/...js without your query param, so Vercel falls back to its normal protection check → 401 on static chunks (exactly what you’re seeing).

Vercel’s intended fix for this is: set a bypass cookie on the initial request, so subsequent asset requests are authorized.

Fix: add x-vercel-set-bypass-cookie (and for iframe: samesitenone)

Update your Prismic Live Preview URL to include both params:

https://your-domain.com/slice-simulator
  ?x-vercel-protection-bypass=YOUR_TOKEN
  &x-vercel-set-bypass-cookie=samesitenone

Why samesitenone? Prismic Live Preview often loads your site indirectly (e.g. in an iframe), and Vercel notes you may need samesitenone so the cookie is usable in that context. (Vercel)

After this, the first request sets the cookie via redirect, and /_next/static/... requests should stop 401’ing.

Let me know if that fixes it for you

Hi,

Sorry for late reply, i was expecting an email notification of this answer, I guess i didn’t change default configuration.

Anyway, thanks for your answer, it works just fine!

regards,
Thomas