if(req.query.secret!==process.env.NEXT_EXAMPLE_CMS_SANITY_PREVIEW_SECRET||!req.query.slug){returnres.status(401).json({message:'Invalid token'})}// Fetch the headless CMS to check if the provided `slug` existsconstpost=awaitgetPreviewPostBySlug(req.query.slug)// If the slug doesn't exist prevent preview mode from being enabledif(!post){returnres.status(401).json({message:'Invalid slug'})}// Enable Preview Mode by setting the cookiesres.setPreviewData({})// Redirect to the path from the fetched post// We don't redirect to req.query.slug as that might lead to open redirect vulnerabilitiesres.writeHead(307,{Location:`/posts/${post.slug}`})res.end()}