When using Uniform Canvas Preview with Vercel projects that have Deployment Protection enabled, you may encounter authentication failures. This occurs because Canvas Preview operates within an iframe, and the Vercel authentication cookie uses SameSite=Lax
, preventing it from being included in requests originating from the Canvas Preview iframe. As a result, Canvas Preview receives "not authorized" responses when attempting to access protected Vercel environments.
SameSite=Lax
settings that prevent it from being sent with requests from the Canvas Preview iframeThe solution is to use Vercel's Protection Bypass feature, which allows specific requests to bypass the Deployment Protection mechanisms.
x-vercel-protection-bypass=<your-vercel-bypass-secret>
x-vercel-set-bypass-cookie=samesitenone
https://your-vercel-url/api/preview?secret=<your-preview-secret>&x-vercel-protection-bypass=<your-vercel-bypass-secret>&x-vercel-set-bypass-cookie=samesitenone
Now verify that Canvas Preview can now successfully access your protected Vercel environments by reloading preview.
Happy previewing on Vercel!