Use preview without public access

Hi,

I am using Umbraco 13 to feed data to an application via an API. I am using the preview functionality on nodes to allow editors to see how the content will look on the application side.

However, this is allowing public viewing on the Umbraco public website. Is there a way to lock this down so no one is able to view it publicly?

Or even better make it so you must be logged into the backend to view the website?

We use something custom to do this.

  • We hijack the /umbraco/preview route
  • We create a JWT token and send that to the frontend
  • The frontend calls an endpoint to validate the token (which also contains a username, expiration time etc, so it cannot be reused)
  • If the validation succeeds, the frontend will show the preview version, otherwise just the regular version.

This is interesting, I am trying something similar but am unable to find a reliable way to identify if the user is logged into the backend.

Don’t suppose there is an example or some code that could be shared to see a bit more in-depth how this is being done?

I don’t think we actually check if the user is currently logged into the backoffice. But a user needs to be logged into the backoffice to click on the preview button and then the JWT token gets generated, which includes the user name. We do check if the user exists when validating the token. And because of the timeout, it cannot be reused indefinitely.

Is it perfect? Probably not, but it’s not as if preview content is a secret in most cases. And it’s better than not doing anything.

The code is a bit long to just post here and I don’t have the time right now to filter it down.
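
A sketch of the token step described in this thread, added here as an example; it is not the poster's code and not an Umbraco API. It mints a short-lived HS256 JWT carrying the username and expiry, then validates signature, expiry and user existence. The class name `PreviewToken`, the `userExists` lookup and the server-side signing key are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;
using System.Text.Json;

// Hypothetical helper (not part of Umbraco): short-lived HS256 preview tokens.
public static class PreviewToken
{
    private static string B64(byte[] b) =>
        Convert.ToBase64String(b).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    private static byte[] UnB64(string s)
    {
        s = s.Replace('-', '+').Replace('_', '/');
        return Convert.FromBase64String(s.PadRight(s.Length + (4 - s.Length % 4) % 4, '='));
    }

    private static byte[] Sign(string data, byte[] key) =>
        HMACSHA256.HashData(key, Encoding.UTF8.GetBytes(data));

    // Called by the code behind the preview route, once the backoffice user is known.
    public static string Mint(string username, TimeSpan lifetime, byte[] key)
    {
        var header = B64(Encoding.UTF8.GetBytes("{\"alg\":\"HS256\",\"typ\":\"JWT\"}"));
        var exp = DateTimeOffset.UtcNow.Add(lifetime).ToUnixTimeSeconds();
        var payload = B64(JsonSerializer.SerializeToUtf8Bytes(new { sub = username, exp }));
        return $"{header}.{payload}.{B64(Sign($"{header}.{payload}", key))}";
    }

    // Called by the validation endpoint; userExists is a lookup supplied by the caller.
    public static bool TryValidate(string token, byte[] key, Func<string, bool> userExists)
    {
        var parts = token.Split('.');
        if (parts.Length != 3) return false;
        try
        {
            // Check the signature first; the algorithm is fixed, the header is never trusted.
            var expected = Sign($"{parts[0]}.{parts[1]}", key);
            if (!CryptographicOperations.FixedTimeEquals(expected, UnB64(parts[2]))) return false;
            using var doc = JsonDocument.Parse(UnB64(parts[1]));
            var exp = doc.RootElement.GetProperty("exp").GetInt64();
            var sub = doc.RootElement.GetProperty("sub").GetString();
            return exp > DateTimeOffset.UtcNow.ToUnixTimeSeconds() && sub is not null && userExists(sub);
        }
        catch (Exception e) when (e is FormatException or JsonException
            or KeyNotFoundException or InvalidOperationException) { return false; }
    }
}
```

The frontend would show the preview version only when `TryValidate` returns true and fall back to the regular version otherwise; the key stays on the server side and is never sent to the browser.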