Pull Request resolves # .

• I read the Generative AI policy and my contribution is either not created with the help of AI or is compatible with the policy and GNU/GPL 2 or later.

Summary of Changes

This is alternative to #47569. The purpose is allow secure preview (unpublished/un-accessible) articles without requiring login from frontend of the site using an account with certain permissions.

Testing Instructions

• Uses Joomla 6.2
• Make sure you are not logged in in frontend of your site.
• Login to backend of your site, edit an article
• Try to use Preview button to see preview the article. Make sure you can preview the article, even if the article is unpublished or have Access set to certain access level different with Public.

Actual result BEFORE applying this Pull Request

Preview article requires user to login in frontend of the site and have certain permissions.

Expected result AFTER applying this Pull Request

Preview article does not require user to login from frontend. Secure mechanism is implemented using a secure, time-based token to make sure users can only preview article by accessing to the link generated by Preview button in the backend. And the preview link will be expired after the time configured in Preview Token Expiration (hours) parameter in com_content Options.

Additional Information

The code for creating and validating preview token in administrator/components/com_content/src/Helper/PreviewTokenHelper.php is not coded by hand. The JSON data structure, the validation, encode, decode... implements in the class comes from discussion with AI, and by looking at sample code from a JWT library. I have read and verify the accurate of the code, but if the implementation is accepted, I will ask for help from David Jardin for additional security review.

Link to documentations

Please select:

• Documentation link for guide.joomla.org:

• No documentation changes for guide.joomla.org needed

• Pull Request link for manual.joomla.org:

• No documentation changes for manual.joomla.org needed