Astro: Disable Admin UI Routes in Production

🙏

This is a community contribution from Florian Lefebvre — thank you Florian!

When using the local strategy, you may want to disable access to the /keystatic routes in production.

Here's how you can prevent access to (and indexing of) those routes if you're using the Astro framework.

Adding redirects

You can redirect visits to the /keystatic route in production with Astro.redirect:

---
// src/pages/keystatic/[...params].astro
import { Keystatic } from '../../../keystatic.page'

export const prerender = false

+ if (import.meta.env.MODE === 'production') {
+   return Astro.redirect('/')
+ }
---

<Keystatic client:only />

You will need to do the same for the api/keystatic routes:

// src/pages/api/keystatic/[...params].ts
import { makeHandler } from '@keystatic/astro/api'
import keystaticConfig from '../../../../keystatic.config'
+ import { APIContext } from 'astro'

- export const all = makeHandler({
-  config: keystaticConfig,
- })

+ export const all = ({ ...params }: APIContext) => {
+  if (import.meta.env.MODE === 'production') {
+    return params.redirect('/', 307)
+  }

+  return makeHandler({
+    config: keystaticConfig,
+  })(params)
+}


export const prerender = false

Excluding routes from sitemap

If you're using @astrojs/sitemap, you can exclude those routes as well:

// astro.config.mjs
import { defineConfig } from 'astro/config'
import sitemap from '@astrojs/sitemap';

export default defineConfig({
  integrations: [
+     sitemap({
+       filter: (page) => !page.includes("keystatic"),
+     });
  ]
})

Astro: Disable Admin UI Routes in Production

Adding redirects

Excluding routes from sitemap

On this page