Skip to main content
Launch offer: 50% off all Capell extensions and suites while the first-party marketplace catalogue is being shaped. Claim launch offer
Capell home
Cookie preferences

Essential storage keeps Capell secure. Optional analytics stay off unless accepted.

Cookie Policy

Security and governance for public CMS output

CMS governance is not just permissions in the admin. It is also what public pages do not reveal: editor URLs, admin selectors, field paths, package internals, signed preview details, and role state.

Capell keeps those boundaries explicit while still supporting access gates, package review, marketplace operations, public rendering, and content publishing.

Public-safe output Access gates Package review
Capell trust and security visual for public CMS governance.
Read trust model Open site operations

Governance concerns Capell keeps separate

Capell governance starts with a strict public boundary. Editors need powerful tools; visitors and crawlers need clean pages.

Admin/editor separation Filament screens, authoring selectors, permissions, and editor state must stay out of anonymous public HTML. Open detail
Access gates Gated pages and downloads can use Laravel-owned access flows without exposing signed editor URLs. Open detail
Package review Extensions should declare install impact and public surfaces before they enter a live CMS application. Open detail
Public rendering tests Smoke tests and audits should assert that public pages render useful content without leaking editor metadata. Open detail
Questions

Security governance questions

The public site should receive render data, not authoring implementation detail.

Can editors preview pages safely?

Yes, but preview mechanics should not leak signed URLs, editor selectors, field paths, or workspace IDs into normal public output.

Are packages trusted automatically?

No. Package-led growth works because packages can be reviewed, tested, and described before install.

Does governance slow editors down?

Good governance should make editing safer, not slower: approved widgets, validation, previews, roles, and review paths reduce accidental damage.

Next step

Give editors power without exposing the machinery

Security governance connects naturally to trust and operations: verify the public pages, then keep that boundary intact as packages and workflows change.

Read trust model Open site operations