Protection Bypass for Automation
Protection Bypass for Automation is available on all plans
The Protection Bypass for Automation feature lets you bypass Vercel Deployment Protection (Password Protection, Vercel Authentication, and Trusted IPs) for automated tooling (e.g. E2E testing).
The generated secret can be used to bypass deployment protection on all deployments in a project until it is revoked. This value will also be automatically added to your deployments as a system environment variable .
The environment variable value is set when a deployment is built, so regenerating the secret in the project settings will invalidate previous deployments. You will need to redeploy your app if you update the secret in order to use the new value.
- Team members with at least the member role
- Project members with the Project Administrator role
To use Protection Bypass for Automation, set an HTTP header (or query parameter) named with the value of the generated secret for the project.
Using a header is strongly recommended, however in cases where your automation tool is unable to specify a header, it is also possible to set the same name and value as a query parameter.
To bypass authorization on follow-up requests (e.g. for in-browser testing) you can set an additional header or query parameter named with the value .
This will set the authorization bypass as a cookie using a redirect with a header.
If you are accessing the deployment through a non-direct way (e.g. in an ) then you may need to further configure by setting the value to .
This will set to on the header, by default is set to .
const config: PlaywrightTestConfig = { use: { extraHTTPHeaders: { 'x-vercel-protection-bypass': process.env.VERCEL_AUTOMATION_BYPASS_SECRET, 'x-vercel-set-bypass-cookie': true | 'samesitenone' (optional) } }}Was this helpful?