Similar to #10876. There were a number of things wrong or in need of improvement with the Draft Preview implementation of the Website Template, namely:

- The preview secret was missing entirely, with pointless logic written to throw an error if it was missing in the search params as opposed to not matching the environment secret. This will ensure that only admin users, not _any_ user, can enter into preview mode.
- The preview endpoint was unnecessarily querying the database for a matching document as opposed to letting the underlying page itself 404 as needed, and it was also throwing an inaccurate error message. The preview route already checks that the path is relative, so there is no security risk of redirecting to another domain.
- The `/next/exit-preview` route was duplicated twice.
- The logic to format search params in the preview URL was unnecessarily complex.
18 lines
494 B
Plaintext
# Database connection string
DATABASE_URI=mongodb://127.0.0.1/your-database-name

# Or use a PG connection string
#DATABASE_URI=postgresql://127.0.0.1:5432/your-database-name

# Used to encrypt JWT tokens
PAYLOAD_SECRET=YOUR_SECRET_HERE

# Used to configure CORS, format links and more. No trailing slash
NEXT_PUBLIC_SERVER_URL=http://localhost:3000

# Secret used to authenticate cron jobs
CRON_SECRET=YOUR_CRON_SECRET_HERE

# Used to validate preview requests
PREVIEW_SECRET=YOUR_SECRET_HERE
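The check the commit message describes, as an added TypeScript example that is not the template's own code: the secret sent with the request has to match the configured one rather than merely be present, and the redirect path has to be relative. The names `PreviewParams`, `decidePreview`, `previewSecret` and `path`, the status codes, and the rule that an unset or placeholder secret fails closed are assumptions made for illustration.

```typescript
// Added example; every name below is hypothetical, not taken from the template.
type PreviewParams = { previewSecret?: string; path?: string }
type Decision = { ok: true; redirectTo: string } | { ok: false; status: number }

const PLACEHOLDER = 'YOUR_SECRET_HERE' // value shipped in the example env file

// "Before": only checks that some secret was sent, so any value passes.
function presenceOnlyCheck(p: PreviewParams): boolean {
  return p.previewSecret !== undefined
}

// Compare every character so timing does not reveal the first mismatch.
function constantTimeEqual(a: string, b: string): boolean {
  let diff = a.length ^ b.length
  for (let i = 0; i < Math.max(a.length, b.length); i++) {
    diff |= (a.charCodeAt(i) || 0) ^ (b.charCodeAt(i) || 0)
  }
  return diff === 0
}

// Assumed meaning of "relative": one leading slash, and no "//host" or backslash forms.
function isRelativePath(path: string): boolean {
  return path.charAt(0) === '/' && path.charAt(1) !== '/' && path.indexOf('\\') === -1
}

// "After": the sent secret must equal the configured one; anything else fails closed.
function decidePreview(p: PreviewParams, configured: string | undefined): Decision {
  // An unset or placeholder PREVIEW_SECRET must never authorize a request.
  if (!configured || configured === PLACEHOLDER) return { ok: false, status: 500 }
  if (p.previewSecret === undefined || !constantTimeEqual(p.previewSecret, configured)) {
    return { ok: false, status: 403 }
  }
  if (p.path === undefined || !isRelativePath(p.path)) return { ok: false, status: 400 }
  return { ok: true, redirectTo: p.path }
}
```

In a route handler the second argument would be the value read from the `PREVIEW_SECRET` environment variable.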