Security

Preview Lock protects your preview URL from being freely accessed and misused.

Preview Lock Protection

The WebEngine preview URL is locked from public consumption. As such it will only render if:

  1. The user is logged in and has access to that instance.

  2. A valid password has been provided. This password is set by via the Settings under category: security and key: preview_lock_password is set, a user may enter the password to start a verified session.

Any instance created on or after Jan 1, 2021 is automatically locked. If your instance is older and you would like Preview Lock Protection, please reach out to support.

Once a user is verified by (via password or their user login session), a unique device imprint cookie ZVerified is created and is used to quickly bypass the preview lock for every network request.

Preview Lock Protection exists to protect your un-published changes and to prevent users from using the preview URL in production.

Preview Lock Protection Password

For Instances created before Jan 1, 2021, contact your account manager, as you will need a setting added to your instance. Once the Preview Lock Password text field has been added your preview URL will be password protected.

Setting a Preview Lock Protection Password

When the preview URL is being accessed by non-authenticated Zesty users, you may set a Preview Lock Password which prompts an unauthenticated user to enter a password. They may try 5 times before being locked out.