DEV Community

Cover image for Sitecore XM Cloud and Vercel Deployment Protection
Jason St-Cyr for Sitecore

Posted on • Originally published at jasonstcyr.com on

Sitecore XM Cloud and Vercel Deployment Protection

Recently, Vercel made Deployment Protection the default for all new projects in Vercel. This is great news! This means that all your deployments will automatically be able to be secured with authentication, passwords, or trusted IPs.

However, your Sitecore XM Cloud build might not be set up yet to work with Vercel's Deployment Protection. You may encounter a 401 authentication error (unauthorized) when accessing static assets for things like CSS where your Next.js application is trying to use the VERCEL_URL to access these assets.

Updating your Next.js application to use deployment protection

If you are planning on launching a new project on XM Cloud, you'll likely want to take a look at these docs so that you can make sure JSS app is loading these protected assets correctly:

Use Vercel's cloud platform features to limit access to your site deployments

But what if I don't want this Vercel feature?

You might have scenarios where you'd like to have overall security but in certain use cases you just want to bypass it altogether. Perhaps you are running End To End (E2E) testing, or maybe you have a particular preview environment you are sharing around to others for review. Vercel has a few steps you can take to bypass the deployment protection: https://vercel.com/docs/security/deployment-protection/methods-to-bypass-deployment-protection

You can also turn off the protections completely in the Project Settings ▶ Deployment Protection tab of your Vercel project.

Project Settings Deployment Protection tab with protection disabled]

Top comments (0)