Puzzled as to why data at this endpoint are publicly accessible:
/articles?_publicationState=preview&published_at_null=true
Are there best practices to limit this data from being publicly accessible? In other words, how can I have drafts but prohibit them from being publicly accessible?
Thank you!
This is what I have come up with so far:
if (ctx.query._publicationState === "preview" && ctx.req.user?.confirmed) {
  ctx.query._published_at_null = true;
} else if (ctx.query._publicationState === "preview") {
  ctx.query._published_at_null = false;
}
1 Like
Best option is to create a policy: Backend customization - Strapi Developer Documentation
Generalize the policy enough and store it as a global one, then you can attach that to any route where you want the drafts private.
1 Like
Wow! That is awesome–works like a charm! Thanks so much!
1 Like
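A sketch of the global policy suggested in the reply above, added here as an example and not code posted by anyone in the thread. It assumes Strapi v3 (policy files under config/policies, the logged-in user on ctx.state.user, and `_publicationState=live` returning only published entries); the file name hide-drafts.js and the helper names are hypothetical.

```javascript
// Hypothetical file: config/policies/hide-drafts.js (assumes Strapi v3).
// Attach it to a route in routes.json with "policies": ["global::hide-drafts"].

// Mirrors the check in the question: only a logged-in, confirmed user may
// preview drafts. Tighten this (for example to a role) as the project needs.
function canPreview(user) {
  return Boolean(user && user.confirmed === true);
}

// Returns a copy of the query that cannot select drafts unless the caller
// is allowed to preview them.
function restrictDraftQuery(query, user) {
  if (canPreview(user)) return { ...query };
  const safe = {};
  for (const [key, value] of Object.entries(query)) {
    // Drop every client-supplied publication control, including repeated
    // parameters that the query parser turns into arrays.
    if (key === "_publicationState" || key.startsWith("published_at")) continue;
    safe[key] = value;
  }
  safe._publicationState = "live"; // published entries only
  return safe;
}

// Policy entry point: rewrite the query, then continue to the controller.
async function hideDrafts(ctx, next) {
  ctx.query = restrictDraftQuery(ctx.query, ctx.state.user);
  await next();
}

if (typeof module !== "undefined") module.exports = hideDrafts;
```

Overriding `_publicationState` instead of trusting the request means an anonymous caller cannot reach drafts by changing or repeating the parameter.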