Sylius supports multiple Channels, each associated with a dedicated hostname.
To enable page previews across different channels (and thus across different hostnames), this plugin must bypass security restrictions—but only in ways that are legitimate and permitted by the browser.
KernelResponseListener.php
To achieve this behavior, a listener is implemented in:
src/Event/KernelResponseListener.php
This listener sets two response headers that allow a page to be embedded in an iframe from another host:
Content-Security-Policy: frame-ancestors 'self' <list-of-channel-hostnames>
where <list-of-channel-hostnames> is a space-separated list of all configured hostnames. MDN reference
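The following is an added example, not the plugin's own listener code. It shows one way to build a frame-ancestors value of this shape from channel hostnames, validating each hostname and replacing any frame-ancestors directive already present in the policy. The function names, the validation rule and the sample hostnames are assumptions.

```php
<?php
declare(strict_types=1);

// Added example: function names and sample data are hypothetical, not the plugin's code.

/** Build the frame-ancestors directive from the configured channel hostnames. */
function buildFrameAncestors(array $hostnames): string
{
    // Accept only a plain DNS name with an optional port. Wildcards, schemes,
    // spaces and ';' are rejected so a bad channel value cannot widen the policy.
    $label = '[a-z0-9](?:[a-z0-9-]*[a-z0-9])?';
    $pattern = '/^' . $label . '(?:\.' . $label . ')*(?::\d{1,5})?$/';

    $sources = ["'self'"];
    foreach ($hostnames as $host) {
        $host = strtolower(trim((string) $host));
        if (preg_match($pattern, $host) === 1) {
            $sources[] = $host;
        }
    }
    return 'frame-ancestors ' . implode(' ', array_unique($sources));
}

/** Return a CSP value that keeps the other directives and carries exactly one frame-ancestors. */
function withFrameAncestors(?string $existingCsp, array $hostnames): string
{
    $directives = [];
    foreach (explode(';', (string) $existingCsp) as $directive) {
        $directive = trim($directive);
        // Browsers honour only the first occurrence of a directive, so drop any earlier one.
        if ($directive !== '' && stripos($directive, 'frame-ancestors') !== 0) {
            $directives[] = $directive;
        }
    }
    $directives[] = buildFrameAncestors($hostnames);
    return implode('; ', $directives);
}

// Constructed sample data: two valid channel hostnames and one malformed value.
$hostnames = ['shop-a.example.com', 'shop-b.example.com', 'bad.example.com; script-src *'];
$existing  = "default-src 'self'; frame-ancestors 'none'";

echo 'Content-Security-Policy: ' . withFrameAncestors($existing, $hostnames), PHP_EOL;
```

The malformed third value is skipped rather than escaped, so only hostnames that pass validation ever reach the header.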
Web Server Configuration
To ensure the KernelResponseListener works properly, make sure your web server does not override the Content-Security-Policy and X-Frame-Options headers.
🌍 Default Locale Behavior
Symfony defines a default locale, see config/services.yaml
config/services.yaml
# Put parameters here that don't need to change on each machine where the app is deployed
# https://symfony.com/doc/current/best_practices/configuration.html#application-related-configuration
parameters:
    locale: en_US
By default, Sylius requires each entity (and thus content blocks) to be translated at least in the default locale.
DegDitor respects this rule and allows adding blocks only if you're editing in the default locale.
For this reason, when editing a page, you'll always see the default locale in the locale dropdown - even if the current channel doesn’t include it.
Example:
You have two Channels: A and B
Default Locale: en_US
Channel A supports: en_US
Channel B supports: fr_FR, de_DE (but not en_US)
When editing a page in Channel B, you'll still see en_US in the list of locales, since it's the default locale.
This allows you to add blocks, even though en_US isn't technically part of Channel B.
👁️ Firewall Restrictions in Preview mode
Sylius uses the Symfony firewall to control access to the shop, admin and API routes.
The shop firewall uses a regular expression (defined by sylius.security.shop_regex) to match URLs based on the path only (query strings are ignored).
By default, this regex blocks access to those routes whose locale is not configured for the current channel.
So in the above example, trying to preview a page in en_US while editing in Channel B would fail - even though you're allowed to add blocks in en_US.
As a result, you might be able to edit the content, but not preview it.
Fix: Overwriting the Shop Regex
To fix this limitation, we override the default Sylius regex:
sylius.security.default_shop_regex: the original Sylius value
sylius.security.shop_regex: a custom regex that extends the original one to allow access to DegDitor pages in the default locale, even if not listed in the current channel.
This override ensures that previews work correctly across channels and locales.