Add a bit more detail to setup instructions

[johtso]

#37 #48

[changeset-bot]

⚠️ No Changeset found

Latest commit: 985759a

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[JacobLinCool]

Thanks and LGTM.

Just a question for "The default access rules only restrict access to preview pages." Does Cloudflare Pages now has a default rule for preview pages?

[johtso]

Just a question for "The default access rules only restrict access to preview pages." Does Cloudflare Pages now has a default rule for preview pages?

Seems so! When I created a Pages project and enabled Access policy (from the manage tab) it was automatically set up with a rule for *.username.pages.dev (but not for username.pages.dev).

I was actually thinking we should probably be using the access control pages plugin middleware to enforce the JWT authentication at an application level so it "defaults closed" instead of open. I think that's a more secure approach. Otherwise when you first deploy the project it is completely open to the world potentially exposing your database. With the middleware you would have to explicitly set the relevant environment variables from Zero Trust and only then will you be able to access it.