Expiring URLs ⏳
Published links can now auto-expire. A link lives for a chosen window (hours / 1d / 2d / 7d / 30d) or Never — the default is 30 days, configurable per-install and overridable per-publish.
- Edge-enforced. Expiry is checked at the edge by the same Cloudflare Pages Function used for password protection, so a link dies on schedule even when your machine is off. An expired link returns a branded 410 "Link expired" page.
- Composable with passwords. An expired protected link returns 410 — it can't be unlocked with the password.
- CLI:
pagecast publish <file> --expires <7d|12h|never>(prints the resolved expiry). - Dashboard: a per-link Expiry picker (presets + Never, live "Expires in …/Expired" label) and a Default link expiry card in Settings.
- API:
POST /api/publications/:token/expiry,POST /api/config/expiry.
Notes
- The publish flow now commits-before-deploy when gated, so the first deploy already carries the gate (previously a first publish could ship ungated until a later redeploy).
- Fixes a pre-existing
authCookieSecretleak onPOST /api/config/badge(now returns the redacted config).
Already-published permanent links are unaffected — only new/re-published links pick up the default.
Full changelog: https://github.com/Amal-David/pagecast/commits/v0.1.6