Visibility of Squash URLs
This is how a typical Squash deployment URL looks like:
When you click on such URLs Squash will immediately start the deployment process for the branch of code associated with this URL. However, there are a few different scenarios that will affect how you see the progress of the deployment process.
Users authenticated in Squash
If you are currently logged in Squash then you will see the full deployment output within a loading page like the one below.
Note: this is also going to be case for Open Source projects, those will always see the loading page even for users who are not logged in Squash.
For users who are not logged in Squash, for security reasons Squash won’t display the full loading page. They will see a simple page like this:
Blocking Anonymous users from starting deployments
By default any users, regardless of being authenticated in Squash, can start a Squash deployment by clicking on a deployment URL. This is helpful when you are sharing such URLs with people outside your organization like clients and external QA teams. Even when a deployment expires these users will still be able to restart it by just accessing the Squash URL.
Squash also allows you to restrict deployment starts to only trusted users, users who are logged in Squash. You can do this by going to the repository settings page:
And then just uncheck the “Allow Anonymous Start” checkbox, and click “Save”.
Protecting deployment URLs with a password gate
You may also use Basic HTTP Authentication to define pairs of username/password to access the deployment URLs.
Protecting deployment URLs against bots
Squash will automatically block deployment starts when the requests are coming from a known list of bots. Learn more about bots accessing Squash URLs.