host: experimental unguarded create-only POST /new — editor publishes live, 173/173
Some checks failed
Test, Build, and Deploy / test-build-deploy (push) Failing after 19s
Some checks failed
Test, Build, and Deploy / test-build-deploy (push) Failing after 19s
host/blog-open-create-routes mounts POST /new with error-trapping but NO auth (create-only; no PUT/DELETE), so the SX editor can publish to the host end-to-end on the experimental subdomain. VALIDATED LIVE: editor-style form-urlencoded POST -> 303 -> post renders at /<slug>/ and lists on /. Deliberate short-lived public write hole (create-only, obscure subdomain). MUST be gated before real use: Caddy basicauth on /new, or session auth. Swap host/blog-open-create-routes -> host/blog-write-routes <resolver> to gate. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
@@ -199,3 +199,11 @@
|
||||
(dream-post "/posts" (host/blog--protect resolve host/blog-create))
|
||||
(dream-put "/posts/:slug" (host/blog--protect resolve host/blog-update-handler))
|
||||
(dream-delete "/posts/:slug" (host/blog--protect resolve host/blog-delete-handler)))))
|
||||
|
||||
;; EXPERIMENTAL: create-only, UNGUARDED — POST /new form ingest with error
|
||||
;; trapping but NO auth, for validating the editor->host publish loop on the
|
||||
;; experimental subdomain. Create-only by design (no PUT/DELETE), so the worst
|
||||
;; case is junk posts, not overwrite/delete. GATE before any real use.
|
||||
(define host/blog-open-create-routes
|
||||
(list
|
||||
(dream-post "/new" (host/pipeline (list host/wrap-errors) host/blog-form-submit))))
|
||||
|
||||
Reference in New Issue
Block a user