Closed alexwlchan closed 1 year ago
I think there are two things we could do here, which are separate:
I think we already have some code to do this, in the tool that manages custom types.
This feels moderately fiddly to get right; something like:
If we do, we should introduce it progressively, not all in one go.
This would fix the particular issue we saw today (but that's low priority). It would also open the door to…
Prismic has three levels of authentication:
I don't think we should use "Open API", because that would allow people to preview forward refs – and in particular, articles we haven't published yet.
If we were using access tokens for all our apps, we could switch to the Private API.
I don't know why we use the Public API; if I had to guess it's for ease of integration? It was one less thing to set up when we initially built the content web app, and we've never changed it. There may be a good reason to keep it, but I'm not aware of anybody but us ever using it.
If we made the API private, that would open the door to…
This is something we have to be careful about right now, because anything in Prismic is available through the public API.
There have been discussions about adding production notes to Prismic in the past (e.g. #4329), but I think we need the API to be private before we can do that safely.
This all feels like a moderate amount of work to get right (several days at a minimum) and it doesn't feel especially urgent, but I think we need to consider it if we're going to lean more on Prismic.
I'm going to rescope this to step 1 – using a token to access Prismic – and leave the other two items as open questions for the future.
If we enforced access tokens for Prismic, it makes the local dev workflow a bit more fiddly, because you need to get a token before anything works.
Closing as done, with 🤞 this sorts out our errors.
We got a 500 error from the content app today:
One of the content editors pushed "Publish" in Prismic at the exact same time as this request going in, so I think that was the issue – we allow unauthenticated access to the "master"/latest ref, but require authentication for everything else. The app fetched a ref that had just become outdated.
This should only occur very occasionally (once in the last fortnight, according to app logs), so it's not urgent to fix the 500 error – but it might open a broader conversation about how we do Prismic auth.
I'll put my thoughts in a comment, so they're separate from the problem statement.
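The race described above (master ref read, editor publishes, query runs against the now-stale ref), with a single re-resolve of the master ref as the mitigation. This is an added example, not the content app's code: the Prismic endpoints are stood in for by a constructed fake, and StaleRefError, PrismicClient and FakeRepo are names assumed here.

```python
from typing import Any, Callable, Dict


class StaleRefError(Exception):
    """The queried ref is no longer the repository's master ref."""


class PrismicClient:
    """Resolve the master ref, query with it, and re-resolve once if the ref
    went stale in between (an editor pressing Publish at that instant)."""

    def __init__(self, fetch_api: Callable[[], Dict[str, Any]],
                 search: Callable[[str], Dict[str, Any]]) -> None:
        self._fetch_api = fetch_api  # stands in for the API root that lists refs
        self._search = search        # stands in for a documents query with ?ref=
        self.retries = 0

    def master_ref(self) -> str:
        refs = self._fetch_api()["refs"]
        return next(r["ref"] for r in refs if r.get("isMasterRef"))

    def query(self) -> Dict[str, Any]:
        try:
            return self._search(self.master_ref())
        except StaleRefError:
            self.retries += 1                       # worth counting in app logs
            return self._search(self.master_ref())  # fresh ref; a 2nd failure propagates


class FakeRepo:
    """Constructed stand-in for a Prismic repository, not a real endpoint.
    It publishes a new ref exactly once, right after the first refs read."""

    def __init__(self) -> None:
        self.current = "ref-A"
        self.api_calls = 0

    def api(self) -> Dict[str, Any]:
        self.api_calls += 1
        refs = {"refs": [{"ref": self.current, "isMasterRef": True}]}
        if self.api_calls == 1:
            self.current = "ref-B"                  # the editor's Publish lands here
        return refs

    def search(self, ref: str) -> Dict[str, Any]:
        if ref != self.current:
            raise StaleRefError(f"{ref} is no longer the master ref")
        return {"ref": ref, "results": [{"id": "doc-1"}]}


def simulate_publish_race() -> Dict[str, Any]:
    repo = FakeRepo()
    client = PrismicClient(repo.api, repo.search)
    result = client.query()                          # would have been the 500 without retry
    return {**result, "retries": client.retries, "api_calls": repo.api_calls}
```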