Privacy rules - Access through unique URL


I have the following setup in my privacy rules to enable my customers to access a table of my database if they have access to the URL we only share with them.

The way it works is the following: each user as a Project_slug field which is set to the Project Slug (using the Get data from URL) when the page is loaded

By setting up the following Privacy Rule, I allow everyone who has the URL to access the data on this page (which is not perfectly safe but there is no real sensitive data so it’s enough for me).

Everything works well, EXCEPT when I load the page in incognito mode. When in incognito mode, it works sometimes and sometimes it doesn’t.

The only explanation I have is that there is something related to the cookies? I found another user who had the same issue but it was not solved.

Does anyone has an idea why this happens? Or if there is another workaround to bypass the privacy rules when the user has a unique URL only shared with him?

1 Like

Yep I think that would be a cookie related issue.

Is it essential for it to work in incognito mode though?

One thing to test (IDK if it will work) is having an “access content” button or something which tries to run the change to project_slug workflow again if it isnt set on page load.

If not that, and the data isn’t sensitive, then can I ask why privacy rules in the first place?

I would highly recommend you to submit a bug report to get a quicker response, since the Support team can dive down into the scenario.

Otherwise, I suggest maybe saving the url in a different field from the slug. Just create a new duplicated field to store the slug. Then you can see whether it’s an issue of the slug data field or just general incognito mode.

Hey @Oliver-wholegraintech

Thanks for your reply. I would prefer my app to work without cookies as it also includes Safari which is widely used.

Your idea seems smart! Although the page needs to display without any button to be pressed… Maybe I’ll try to trigger a customer event on page load which then triggers again the project_slug workflow.

Thank you very much for your help @bruno_nocode .

I have submitted a ticket with bubble support team. I’ll let you know if it leads somewehere.

I’ll definitely try your suggestion to pass the project_slug as a parameter and not like a Slug (path).