picocms/Pico

PicoCMS as part of headless CMS infrastructure

notakoder opened this issue ยท 2 comments

notakoder commented

Assuming that you want content (articles) to be also served in a mobile app, a workaround is to (move the content folder out of the web server root and ) allow other services to access the content folder using an markdown parser.

What do you think of such a set up and is there a better one?

mayamcdougall commented

Not sure exactly what the question is...

But yes, you're probably safe to let multiple things touch the content folder, and/or moving it outside of your webroot.

Depending on what makes more sense for your setup, you could either Symlink to Pico's content folder from your other app, or you could move content to a central location and Symlink them both to it.

Pico should be pretty indifferent to that as long as it can still follow the Symlink to access the files (eg, it's located somewhere your web server's user account has access to).

I used to sync my content folder using Nextcloud (just syncing the content files, not using "Pico for Nextcloud"). The content folder "lived" in Nextcloud (because Nextcloud is not as tolerant of Symlinks as Pico is), and my Pico instance had a Symlink to it instead of the actual content folder. It worked really great back in the day. ๐Ÿ˜‰ (I just don't use Nextcloud at the moment).

All that being said, be careful if you do start Symlinking to stuff outside of your webroot, since everything you link to will behave as if it were really there. Symlink to the wrong folder and suddenly you've granted web access to a part of your filesystem you didn't intend to!

And of course, just a disclaimer that this is not security advice, as it could quickly spiral into a mess if done incorrectly. Web server configuration is complicated, and largely out-of-scope since it's not Pico-specific.

Also, although Symlinking the content (and maybe assets) folder should be fine, remember that allowing access to some of Pico's other folders (its root, config, themes, plugins, etc) would essentially be the same as allowing access to execute code. It could be fine, but you'd be opening yourself up to whatever security holes the other apps you're sharing access with might have.

Get creative and have fun with your setup, just stay safe in the process. ๐Ÿ˜

notakoder commented

There wasn't an exact question except what is the best way to share Pico's content across many services like a headless architecture. Seems like we are on the same page.

Thanks.

  • ๐Ÿ‘1