Netlify-cms: Netlify CMS doesn't work when hosting on Netlify with access restriction

I believe this is caused by a known issue which we are tracking here internally:

https://github.com/netlify/bitballoon/issues/746

...which is due to netlify's proxying behavior rather than the CMS or Identity specifically.

It's also worth noting that this issue is particular to the git-gateway backend. You can still use the github backend with password-protected sites.

We're currently restructuring the Authentication & Backend docs (#751), but you can find configuration details for the github backend in this preview:
https://preview-auth-doc--netlify-cms-www.netlify.com/docs/authentication-backends/#github-backend

[https://tr.cloudmagic.com/h/v6/emailtag/tag/2.0/1511183055/868b95048961cf5caf12bf33ece8bef6/2/50b4363aff1c1f0726e4ba054b2d8612/84d4734703a03399f5cda43e96a27f98/b630141837af9bc43e9111f0844e80df/newton.gif]
thanks for your input!

i managed to get it to work with the github backend like jessica suggested - that works well enough for now.

kind regards,
my

On Tue, Nov 14, 2017 at 21:34, Jessica Parsons notifications@github.com wrote:

It's also worth noting that this issue is particular to the git-gateway backend. You can still use the github backend with password-protected sites. We're currently restructuring the Authentication & Backend docs (#751https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fnetlify%2Fnetlify-cms%2Fpull%2F751&data=02%7C01%7C%7C734fc0ad22b04e8cfa5108d52b9f0ee7%7C40cc2915e2834a2794716bdd7ca4c6e1%7C1%7C0%7C636462884508268952&sdata=nR4rUgCE6zI3cX86gAl3SqH0V3jKQWEsJc4%2BnhBqxXk%3D&reserved=0), but you can find configuration details in this preview:
https://preview-auth-doc--netlify-cms-www.netlify.com/docs/authentication-backends/#github-backendhttps://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpreview-auth-doc--netlify-cms-www.netlify.com%2Fdocs%2Fauthentication-backends%2F%23github-backend&data=02%7C01%7C%7C734fc0ad22b04e8cfa5108d52b9f0ee7%7C40cc2915e2834a2794716bdd7ca4c6e1%7C1%7C0%7C636462884508268952&sdata=InMctc%2FZsbaEEKdcV5hEkRznr1xo6ZHvKAIjV5ajOaw%3D&reserved=0

—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHubhttps://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fnetlify%2Fnetlify-cms%2Fissues%2F818%23issuecomment-344389249&data=02%7C01%7C%7C734fc0ad22b04e8cfa5108d52b9f0ee7%7C40cc2915e2834a2794716bdd7ca4c6e1%7C1%7C0%7C636462884508268952&sdata=PlBdNtYANuieWqZQhMoJjK2yOVY4fWO6Y%2FKs4OxT5dQ%3D&reserved=0, or mute the threadhttps://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fnotifications%2Funsubscribe-auth%2FAgE8XQqI9zuqU1Rs-WtsyCQMxiwFOw-aks5s2fkxgaJpZM4QdNbm&data=02%7C01%7C%7C734fc0ad22b04e8cfa5108d52b9f0ee7%7C40cc2915e2834a2794716bdd7ca4c6e1%7C1%7C0%7C636462884508268952&sdata=A%2FFyuRm2nPiKbqpGer%2BTQlncI7nSBBr8zDk7NOpETGU%3D&reserved=0.

This is now fixed as of 0.7.6.

Hi, I just tried this in v1.0.2 and v0.7.6 and using git-gateway. Works fine (and v1.0.2 looks nice) while Access Control is off. But collection items disappear from CMS when Access Control is on.

I'd sure like to give clients access to the CMS while sites are in development. Is there anything I can do to make this possible besides sign them up for Github accounts?

I must have had this mistaken with another issue, as it can't be addressed through the CMS, but my understanding is that it was fixed within the Netlify platform within the last two weeks. Testing now.

@criticalmash I'm not able to reproduce - accessing the cms prompts for the access control password as expected, but once that's entered, everything works. Can you provide a specific repro case?

Hi @erquhart thanks for looking into this. I setup a publicly accessable test case here: https://happy-hugle-12b322.netlify.com/admin/

And here's the repository: https://github.com/criticalmash/asm-pager-test

I used the password netlifytests under Password / JWT secret in the access control pane, and setup a git-gateway token under Identity without any roles.

The CMS config file is: https://github.com/criticalmash/asm-pager-test/blob/master/admin/config.yml
it contains a markdown file under each collection.

When the Password / JWT secret field is blank, I can see and access the a markdown file under each collection. When a password is set, I get 'No Entries'.

Let me know if there's any more information you need or if I should setup the test case differently.

Thanks and Happy New Year,
John

Thanks for the repro case - the response is the HTML for the password protection page. Looks like Netlify's Git Gateway is being blocked when there's a password.

@brycekahle thoughts on this?

Lets loop in @biilmann since he wrote git gateway.

@brycekahle @biilmann bump

Hi @brycekahle, @erquhart and @biilmann, any further thoughts on this issue ?
I guess the problem can be bypassed using Basic-Auth, but i don't now how to apply it only to non admin urls... Something like this :

/*
Basic-Auth: dev:lasagne
/admin
Basic-Auth: public

Any clue ?
Thanks !

@jcsibon I don't think this can be fixed from outside of Netlify's platform - that would mean that there's a way to bypass Netlify's password protection.

@brycekahle I don't think this is a git gateway problem. I could be wrong, but it seems this would have to be dealt with at the platform level.

@jcsibon Did you find a way to turn off Basic-Auth for certain paths? I'm stumped by the same thing!

There is no "except this path" or "not this path" directive in the headers specifications. there is only "this path and this other path and this path too and we didn't mention this last path so it is not covered"

There's actually another workaround for this issue - you can run Netlify CMS on a separate site.

To demonstrate, I deployed a site using the Netlify CMS Jekyll starter.

• repo: https://github.com/verythorough/jekyll-netlify-cms
• site: https://hidden-site.netlify.com/

Before adding password protection, I visited the site and added a post in the CMS. I could see the post in the main site as well as in the CMS Collection list.Then I turned on password protection, and confirmed that the post could no longer be found in the CMS UI.

You can try it yourself at https://hidden-site.netlify.com/admin
The site password is I'm hiding
Registrations are open, and I've enabled GitHub login, so you can log in quickly. You'll see that there are no posts in the collection list.

Next, I made a separate site, _from the same repo_, at https://open-cms.netlify.com
This time, I removed the build command and set the publish directory to admin.
I did _not_ turn on password protection, but did enable Identity and Git Gateway for login to the CMS. The only part of the repo that is published to this site is the CMS.

You can access it at https://open-cms.netlify.com, again using open registration with GitHub.
You'll see there are posts in the collection list, and when you add or edit a post, and it will build on the main site.

I used the Jekyll starter because the CMS setup in /admin is standalone, which made it easy to demo. You could include build tools, though, and you could separate the CMS from the main site in a variety of ways.

With a custom domain setup, you could have the main content site at sitename.com and the admin UI at a subdomain like admin.sitename.com.

Thank you @verythorough for the workaround!

For Gatsby, since I am using the gatsby-plugin-netlify-cms plugin I had to leave the Build command setting to gatsby build, and I set the Publish directory to public/admin

Cheers!

Awesome, @runofthemill!

@verythorough I created a site with password protection myself and I could not reproduce. Once I type in the password, the page reloads and the CMS login works normally. All posts show up. Any other necessary steps to reproduce?

@tech4him1 my use case may be somewhat different, but I believe where it doesn't work is having a subdomain for staging that you want password protected. The option to add a password via the UI doesn't work, as that applies to all domains for a site, even the production domain.

@runofthemill Mind walking me through how to reproduce that? How are you adding the password?

@tech4him1 You're right—looks like the reported issue with password-protected sites has been fixed in the 4 months since I wrote up that workaround. Must have been on the password-protection side of things, since I haven't updated the CMS on my test site.

@verythorough sounds like we can close this, please reopen if I misunderstood.

It looks like @runofthemill's question wasn't answered, but as I read it, it sounds like a separate issue with Netlify itself.

@runofthemill, this is out of scope for Netlify CMS, but a short answer for you is that you can create multiple sites from the same repository. You can stop running staging branch deploys on the production site, then add a new site that builds the staging branch only, with password protection on that site. You can assign that site a subdomain of your main domain. If that doesn't address your issue or you have any other questions, you can contact [email protected] for more help.