Closed mbostock closed 8 months ago
I think (?) we can probably reuse that worker code and env.BASIC_AUTH_PASSWORD as-is, since observablehq.com and viewablehq.com are separate zones with separate worker envs.
Q: if these help pages are on github pages, can't users still go to those URLs directly and bypass anything we're checking at the Cloudflare layer?
Q: if these help pages are on github pages, can't users still go to those URLs directly and bypass anything we're checking at the Cloudflare layer?
What if we set a custom domain to something obscure, say, <random-hex>.observablehq.com
. Then guessing the domain should be as hard as guessing the password?
To clarify, we'd have to make the GH pages public but the random domain would make it difficult to guess the URL?
I assumed we just don't want a large number of people accessing the CLI GH pages before we officially launch. One concern would be the site is indexed and shows up in search results.
As a word of caution, subdomains can still get exposed through Certificate Transparency logs if certificates get issued for them.
Cindy and I looked into GIthub pages custom domains setup. It looks like configuring that causes requests to the original github.io domain to get 301'd to the custom domain.
https://ouyi.github.io/post/2018/01/14/github-pages-cname-file.html
So, that would protect again attempts to bypass the custom domain (good!). My remaining question is whether that would also redirect the Cloudflare worker's proxy fetch (bad!).
@mbostock I am in favor of the <random-hex>.observablehq.com
approach for now to avoid an extra step of authenticating to access documentation/examples. We can add the link as part of the create template
We’ll use a Cloudflare worker to enforce basic auth password protection for early access customers.