To get your code sample to work, you need to replace Url::query('token')
with get('token')
.
However, this code is not checking that the token is valid – any URL containing a non-empty token
parameter would give access to the preview. Maybe this thread helps investigating further, if that’s what you need; sounds like a check for being logged-in – something like if(kirby()->user())
– might be the easiest, whereas generating and validating a bespoke token for a virtual page might be tricky …but maybe somebody more knowledgeable might still chime in with a suggestion here?