volto-middleware-rejectanonymous
v0.1.2
Published
volto-middleware-rejectanonymous: Volto add-on for add security with HTTP headers
Downloads
221
Maintainers
Readme
volto-middleware-rejectanonymous
Volto add-on that reject unconditionnally anonymous users from a Volto site.
They should be redirected to a login form (customizable).
When login management is outside Plone, the first SSR page load is without login headers, so you have to refresh the page to have the proper tokens.
With this middleware, you can force SSR to make a fake call to a Plone view that simply make a redirect (and returns the auth tokens).
Getting started
Try volto-middleware-rejectanonymous with Docker
Get the latest Docker images
docker pull plone docker pull plone/volto
Start Plone backend
docker run -d --name plone -p 8080:8080 -e SITE=Plone -e PROFILES="profile-plone.restapi:blocks" plone
Start Volto frontend
docker run -it --rm -p 3000:3000 --link plone -e ADDONS="volto-middleware-rejectanonymous" plone/volto
Go to http://localhost:3000
Add volto-middleware-rejectanonymous to your Volto project
Make sure you have a Plone backend up-and-running at http://localhost:8080/Plone
Start Volto frontend
If you already have a volto project, just update
package.json
:"addons": [ "volto-middleware-rejectanonymous" ], "dependencies": { "volto-middleware-rejectanonymous": "^0.1.0" }
If not, create one:
npm install -g yo @plone/generator-volto yo @plone/volto my-volto-project --addon volto-middleware-rejectanonymous cd my-volto-project
Install new add-ons and restart Volto:
yarn yarn start
Go to http://localhost:3000
Happy editing!
Configuration
This add-on can be enabled with an environment variable RAZZLE_REJECT_ANONYMOUS
. It is disabled by default.
Default redirect url is /login
but you can override it with RAZZLE_REJECT_ANONYMOUS_REDIRECT_URL
environment variable.
How to contribute
See DEVELOP.md.
Copyright and license
See LICENSE.md for details.