Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add a bit more detail to setup instructions #50

Merged
merged 1 commit into from
Apr 7, 2024

Conversation

johtso
Copy link
Contributor

@johtso johtso commented Apr 4, 2024

Copy link

changeset-bot bot commented Apr 4, 2024

⚠️ No Changeset found

Latest commit: 985759a

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@JacobLinCool
Copy link
Owner

Thanks and LGTM.

Just a question for "The default access rules only restrict access to preview pages." Does Cloudflare Pages now has a default rule for preview pages?

@johtso
Copy link
Contributor Author

johtso commented Apr 4, 2024

Just a question for "The default access rules only restrict access to preview pages." Does Cloudflare Pages now has a default rule for preview pages?

Seems so! When I created a Pages project and enabled Access policy (from the manage tab) it was automatically set up with a rule for *.username.pages.dev (but not for username.pages.dev).

I was actually thinking we should probably be using the access control pages plugin middleware to enforce the JWT authentication at an application level so it "defaults closed" instead of open. I think that's a more secure approach. Otherwise when you first deploy the project it is completely open to the world potentially exposing your database. With the middleware you would have to explicitly set the relevant environment variables from Zero Trust and only then will you be able to access it.

@JacobLinCool JacobLinCool merged commit 1e980bd into JacobLinCool:main Apr 7, 2024
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants