Deployment protection not applying to Preview Deployments

How to apply/trigger Deployment Protection only for Preview Deployments?

I have a project deployed that uses a free tier API with limited calls per day and I have currently disabled it during production.
I set up NextAuth via GitHub and would be able to protect one domain - my production domain with that.
I am currently using that only in my local dev environment and you have to successfully login with a GitHub account or credentials.

I applied Deployment Protection in my project settings through the dashboard, as documentation advises no other changes within the code for it to apply only to the Preview Deployments, but even with documentation I am not certain that I understand it correctly.
I set it to “Only Preview Deployments” but both Preview Deployments are still publicly accessible (tested by opening them in a private browser).

Deployment URL or Custom Domain: https://drone-forecast.vercel.app/
Environment preview: https://drone-forecast-f7hhq2xyh-siggis-projects-e42551a4.vercel.app/
Project Framework: Nextjs 14.2.17
Build Settings:
  Framework Preset:
  Build Command (if not default):
  Output Directory (if not default):
  Install Command (if not default):
Node/Runtime Version: 10.9.0
Package Manager: npm
Relevant Packages: next-auth: 4.24.10

Hi,

Deployment protection requires a redeployment. Did you redeploy your app after enabling the settings?

Okay, so that worked :sweat_smile:
But somehow in a different way than I expected.

It was not the way that I was expecting.
After redeployment, all three URLs are now covered by my GitHub NextAuth/credentials setup. I logged in with the credentials I created for this and it looks nothing like the Deployment Protection screenshots in the documentation: no “request access” or anything.

I disabled the Deployment Protection just to make sure - and yes, this was not the Deployment Protection layer, it is my NextAuth implementation.

Now I am even more confused because I want to learn how to apply the protection. Also, I don’t know why my NextAuth OAuth application settings are covering the Deployment URLs, because the homepage URL is currently still set to the default: http://localhost:3000

My project is now currently protected, but I don’t understand why.

Hi,

The request access option will only appear if the user is already logged in to the Vercel dashboard and is not part of the Vercel team that the deployment currently belongs to. You can open the URL in Incognito to test it. Once you log in, it will redirect to the Login – Vercel page so you can log in. If you don’t belong to that specific team, it will ask you to request access.

Okay, this information about

  • being logged into Vercel dashboard
  • not being part of the team

would be helpful to put in the official documentation, because it mentions none of this. I will test it with another user, but now it appears I still don’t understand how my NextAuthentication with OAuth via GitHub and credentials suddenly extends beyond my localhost:3000 to all three deployments.

Should I open another topic for this?

Thank you for your swift help.

Yeah, if you can create a new topic with a screencast, that would help. I am a little confused about what behaviour you are seeing and if it’s expected.

Regarding the documentation, can you send me the link? I just want to make sure we both are on the same page.

Yes, this is the link to the Deployment Protection

It does not mention when to expect the “request access” to show up. Maybe more experienced developers will know that you have to be logged in and not already be part of the team :sweat_smile: but as a layman I would have spent more time trying to figure out why it is not showing.

I will prepare a screencast for the NextAuth implementation in a new topic, thanks.


Understood. I will review it tomorrow and see if we can make the wording better. Thanks for the feedback! <3
