Pages functions access

Hello everyone, I'm using Pages to host a Gatsby site and I'm using the functions directory to handle the contact form POST requests. Do these functions allow requests only from this project, or do I have to restrict it somehow so the functions endpoint blocks requests from another project/domain?
5 Replies
suck · 12mo ago
the functions accept requests from anywhere. any sort of permission logic, origin-based or otherwise, will need to be handled in your function code.
johnmantas · 12mo ago
Thank you for the answer! Tbh I thought it would be restricted for that particular project by default. What would be the best approach to restrict it only for the pages.dev and any custom domain of the project?
suck · 12mo ago
this isn't really a pages-specific thing but rather a nodejs thing. your pages function has a request object that you can use to write any logic you want. console.log it, submit your contact form, check the logs for any useful fields. sounds like you want to restrict requests by host. you'll probably want to check the headers for the "Referer" header and then allow/deny access based on the host in that value.
suck · 12mo ago
Hot-link protection · Cloudflare Workers docs
suck · 12mo ago
note that the example is a workers example, not a pages example, so the top-level stuff won't match up perfectly. the new URL bit will though
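
An added example (not code from the thread or from the linked docs) of the host check discussed above, written as the body of a Pages Function for the contact form. The allowed hosts, the function names and the `functions/contact.js` path are assumptions for illustration.

```javascript
// Hosts allowed to submit the form. Placeholder values (assumptions):
// replace with the project's pages.dev host and its custom domains.
const ALLOWED_HOSTS = new Set(["example.pages.dev", "www.example.com"]);

// Return the lowercased host from a header holding a URL or origin,
// or null when the header is absent or not a valid URL.
function hostFromHeader(value) {
  if (!value) return null;
  try {
    return new URL(value).host.toLowerCase();
  } catch {
    return null; // e.g. the literal "null" origin, or malformed input
  }
}

// Decide whether the request claims to come from an allowed page.
// If an Origin header is present it is used exclusively; otherwise the
// Referer header (suggested in the thread) is the fallback.
function isAllowedSource(request, allowedHosts = ALLOWED_HOSTS) {
  const origin = request.headers.get("Origin");
  const host = hostFromHeader(
    origin !== null ? origin : request.headers.get("Referer")
  );
  // Exact host match: a substring or startsWith test would also accept
  // a look-alike such as example.pages.dev.other.test.
  return host !== null && allowedHosts.has(host);
}

// Handler body for functions/contact.js (assumed path). In the Pages
// project it would be exported as:
//   export const onRequestPost = handleContactPost;
function handleContactPost(context) {
  if (!isAllowedSource(context.request)) {
    return new Response("Forbidden", { status: 403 });
  }
  // ... read and process the submitted form here ...
  return new Response("OK", { status: 200 });
}
```

Both headers are supplied by the client, so this check keeps other sites' pages from posting through a visitor's browser but does not authenticate the caller; a non-browser client can send any value.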