Obsidian Publish: Password protect only parts of the website/individual notes

Problem

When you use Obsidian Publish, everything you publish is visible. I would like to share a specifc set of information with different audiences.

For example, Philosophy 101 only sees notes they have access to see. Philosophy 201 only sees notes they have been given access to, etc.

In addition, sometimes I’m working on a small project and I want to share just a few notes with a friend, but I don’t want to share everything in my vault.

Proposed solution

I would like to give access to notes on a per folder basis. For example, everything in the Philosophy 101 folder has a password that is different from the Phil201 folder.

Current workaround (optional)

My current workaround is to copy and paste from Obsidian into Craft.

Of course, the other solution is to buy additional licenses and use Obsidian Publish as it is designed! I want to use Obsidian in a school context and I see something that is being worked on that might solve my problem.

Education/non-profit discount

+1

I would love to share customer’s specific content too.

This would be very helpful for me.

absolutely agree

+1, would be really handy

Craft is knocking it out of the park with “share to the web.” This would be amazing if something like this could be added to Obsidian Publish.

CleanShot 2022-06-07 at 19.09.32@2x712×960 82 KB

Desperately want this feature!

I would also love to have this feature.

Brillaint. +1, yes please.

+1. Now I am not sure if I want to put my money into publish feature.

+1. Otherwise might explore some kind of Cloudflare Zero Trust type deal.

+1, for all of the above reasons

+1, this would be tremendously useful.

+1000!!!

+1. I’m literally 10min into Obsidian Publish, this feature can be very helpful for a lot of workflows.

+1 This would be very helpful for me

this only works when if user enter the protected page by url. If user enter the protected page from a non-protected page, this doesn’t work.

I don’t have Publish so I can’t test it, but I assume it’s because it’s a single page app. You can have Cloudflare inject some JavaScript to redirect the user when it detects that they travel from an open page to a protected one. It shouldn’t be that hard.

That being said, as the protection is happening clientside a clever person could remove it and browse the whole site, so it wouldn’t be for any critical applications. The only way to do that would be for Obsidian to add the functionality.

Hi AlanG,

How might one configure Cloudflare to ‘inject some JavaScript to redirect the user when it detects that they travel from an open page to a protected one’? You raise an important point about this level of protection occurring client-side, nonetheless, this would be helpful.

I have deployed the same Auth Challenge protection to a route as per the walkthrough from 403.ie, and, as yomaru indicated, such Cloudflare ‘routes’ evidently remain unprotected when navigating via links or in-page search results on open pages:

Enter the path to the subdirectory you want to protect, including an (asterisk) at the end to ensure all recursive content is protected (ie. 403page.com/private_directory/*). Click Save.

Then head back to the main Workers page where you set the route before. You’ll notice the route you added earlier (403page.com/private_directory/* in my case) shows the following message:

Workers are disabled on this route

HOW TO: Use Cloudflare Workers to enable Basic Auth on a subdirectory - 403 Page Labs

Use the Cloudflare worker to add a <script> section into the DOM which watches for any click event, and check if the location they’re clicking to should be protected. If so, redirect them to a signup page, etc.

<script>
document.addEventListener('click', event => { 
  // check and redirect
})
</script>