This post is an update to my previous post on this topic, which covers the concepts and approach. However, Sitecore JSS/Headless has had some significant changes for Sitecore 10.3.X and XM Cloud to enable new capabilities, so I wanted to include the steps to achieve this in the new world.
All posts in JSS
If you've started delving into the world of Composable SaaS in recent times, you may have encountered a common security issue: the typical existing security posture businesses have doesn't quite align with the way in which Composable SaaS architectures need to work.
Managing multiple heads means you have multiple env variable files and need to have environment-specific values for a lot of these as you move between environments. Let's also assume you want to have 3 separate environments on top of your own local development environment.
In this article we'll take a look at how you might want to add an SSG Head into a multi-site solution, what the key points of difference are, and how you can configure your Headless solution to export to static files which you can host on any webserver that can serve JS, CSS and HTML.
This article covers what you need to know to apply the necessary Security Headers to lock down your Headless Sitecore solution at the application layer. We're using a NextJS Headless solution deployed to Vercel and Sitecore CMS deployed to Azure PaaS.