I wonder if there is a way to bypass required login/error page when restricting content and media (via Media Protect) package. While this made sense in "old" days, sometimes it didn't need to set the error page as it just returned current page. Furthermore in headless setup, this doesn't necessarily make sense as login page are handled via config setting https://docs.umbraco.com/umbraco-cms/reference/content-delivery-api/protected-content-in-the-delivery-api https://github.com/umbraco/Umbraco-CMS/discussions/17492 https://cdn.discordapp.com/attachments/1335970161638772848/1335970162108796968/image.png?ex=67a21aab&is=67a0c92b&hm=989e7b2057c4c8d396d26beff61dd12f3c23a584e67459b166c9e68c11c36a3b&

I answered in your discussion 🙂

If you use media protect in a headless situation you STILL need to make sure Umbraco and Mediaprotect run on the server otherwise you can still access the media by calling the mediaitem directly. And if that happens mediaprotect will just redirect to the configured login page or no access page.

It does indeed. It is more that content editor doesn't need to configure this on many different nodes, when it is basically the same. At least in our use-case. I wonder though if

LoginPath

set it respected by MediaProtect as well. We have the following based on Kenn's demo: https://github.com/kjac/UmbracoDeliveryApiAuthDemo

public class ConfigureCustomMemberLoginPathComposer : IComposer
{
    public void Compose(IUmbracoBuilder builder)
        => builder.Services.ConfigureOptions<ConfigureCustomMemberLoginPath>();

    private class ConfigureCustomMemberLoginPath : IConfigureNamedOptions<CookieAuthenticationOptions>
    {
        public void Configure(string? name, CookieAuthenticationOptions options)
        {
            if (name != IdentityConstants.ApplicationScheme)
            {
                return;
            }

            Configure(options);
        }

        public void Configure(CookieAuthenticationOptions options)
            => options.LoginPath = "/login";
    }
}

When accessing protected content it redirects to

/login

You don't access the headless solution in case of media, you access media directly there is no headless front-end but indeed with middleware you can achieve everything

@Richard Soeteman one thing in noticed on Umbraco Cloud and Media Protect. Transferring content nodes with protection to development is restored on remote environment. This doesn't happen with protected media nodes. It transfer the media folder/files, but they are unprotected on development. Not sure if Umbraco Deploy has a connector or something to make this possible. FYI: https://github.com/umbraco/Umbraco.Deploy.Issues/issues/253

I didn''t make it 😉 Don't have deploy...

I know 🙂 Umbraco Commerce (formerly Vendr) needed a connector to handle artifacts with Deploy and similar connector with uSync. But I don't how it is handled in Deploy. Perhaps it need a connector for Deploy, but it would most likely be an add-on or perhaps possible with custom code. Otherwise we would just handle protection manually on each environment 😄