Dwrangler tail. Example:
Cand you're watching for exceptions right? Not just console logging the stack trace.
https://developers.cloudflare.com/workers/observability/source-maps/
https://developers.cloudflare.com/workers/observability/source-maps/
Cloudflare Docs
Adding source maps and generating stack traces for Workers.
Doops, you are totally right
Dthat makes sense, thank you!
Gcan i deploy a nodejs app on cf worker?
AYes, but not every node library is supported
Gis there any list that shows the available ones?
ACloudflare Docs
Implemented Node.js runtime APIs and enablement instructions for your Worker project.
Gty
LIs there any way to inline a wrangler env or can you only use json or toml?
Conly normal if you're doing a lot in the global scope/initial request, for small scripts like a hello world script the cold start is unnoticable (it takes advantage of the TLS time to elimate cold starts in a lot of cases)
Chttps://blog.cloudflare.com/eliminating-cold-starts-with-cloudflare-workers
I would also question how exactly you are measuring cold starts
I would also question how exactly you are measuring cold starts
RNew encryption/decryption library designed for use with Cloudflare Workers / Pages:
simple-secure-webcrypto
https://www.npmjs.com/package/simple-secure-webcrypto
IMO it was more difficult than it should be to find a simple way to encrypt and decrypt data on Cloudflare Workers/Pages. I thought I'd package up my solution to doing this and share it in the hope it will help others.
It's as simple as:
where I expected you'd just store the secret as an encrypted environment variable in Workers/Pages.
Under the hood it uses Web Crypto APIs / SubtleCrypto so it has zero package dependencies, and it's using the AES-GCM algorithm for encryption and SHA-256 for HMAC of the IV.
I'd love to get some review and feedback from anyone willing!
simple-secure-webcrypto
https://www.npmjs.com/package/simple-secure-webcrypto
IMO it was more difficult than it should be to find a simple way to encrypt and decrypt data on Cloudflare Workers/Pages. I thought I'd package up my solution to doing this and share it in the hope it will help others.
It's as simple as:
where I expected you'd just store the secret as an encrypted environment variable in Workers/Pages.
Under the hood it uses Web Crypto APIs / SubtleCrypto so it has zero package dependencies, and it's using the AES-GCM algorithm for encryption and SHA-256 for HMAC of the IV.
I'd love to get some review and feedback from anyone willing!
npm
Simple and secure encrypt/decrypt functions using Web Crypto API and no dependencies. Latest version: 1.0.2, last published: 7 minutes ago. Start using simple-secure-webcrypto in your project by running
npm i simple-secure-webcrypto. There are no other projects in the npm registry using simple-secure-webcrypto.Rgreat question Leo! GCM checks ciphertext, but when the IV cannot be trusted (e.g. user input such as a Cookie) it must be verified AFAIK?
RThat is what I understood originally was one of the key benefits of GCM. However, as I was working on this I found some docs to suggest you still need to verify the integrity of the IV if you cannot trust the source of it during decrypt. Are you able to point me at any documentation I can use as a reference for this?
For example, MDN explicitly mentions ciphertext is verified but no mention of IV: https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/encrypt#aes-gcm
For example, MDN explicitly mentions ciphertext is verified but no mention of IV: https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/encrypt#aes-gcm
MDN Web Docs
The encrypt() method of the SubtleCrypto interface encrypts data.
Ryou're right, just reading the official paper at https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38d.pdf it explicitly lists "the ciphertext, the AAD, the IV, or the tag"
Rcan you elaborate?
RJWE contains additional fields too which in the context of this use case wouldn't make sense to store
Rso i take it https://github.com/mdn/dom-examples/blob/main/web-crypto/encrypt-decrypt/aes-gcm.js is not padding correctly either?
GitHub
Code examples that accompany various MDN DOM and Web API documentation pages - mdn/dom-examples
Rdon't think this is very fair to say, I'm using Web Crypto here, not rolling my own. I'm trying to improve the DX of implementing Web Crypto, because I haven't been able to find any straightforward packages which help close the gap from SubtleCrypto interface to a simple function call. Also appreciate your feedback, have started working on a v2 branch which takes out the HMAC: https://github.com/Nadrama-com/simple-secure-webcrypto/tree/v2
- will publish it as a package once I get some additional feedback, would appreciate any further review and input
GitHub
Simple and secure encrypt/decrypt functions using Web Crypto API and no dependencies - GitHub - Nadrama-com/simple-secure-webcrypto at v2
OHas anyone been able to succesfully query parquet files in R2 bucket through workers?
JSo I have searched already quite a bit but I'm not sure where or how I unsubscribe from these daily notifications that I reached 50% of my free tier capacity 
... I know I'm above 50% and it is fine, it resets daily. But every single day I get 2 - 3 emails from Cloudflare: [Cloudflare]: 50% of daily usage limit for Cloudflare Workers KV operations reached.
Simply put, I'd like to unsubscribe or manage treshold for these notifications and I don't know where or how to do it.
... I know I'm above 50% and it is fine, it resets daily. But every single day I get 2 - 3 emails from Cloudflare: [Cloudflare]: 50% of daily usage limit for Cloudflare Workers KV operations reached.Simply put, I'd like to unsubscribe or manage treshold for these notifications and I don't know where or how to do it.
MThere are so many seemingly random errors that show up in Wrangler when developing locally that it makes development a bain at times. I raised two such issues last week but have heard nothing back. Any chance a CF dev could take a look at them? Many thanks.
VI need to pin my workers close to my DB, I'm using smart placement for this.
When enabled, I see a "unsupported backend service" even though I'm only calling Planetscale DB in my worker.
https://developers.cloudflare.com/workers/configuration/smart-placement/#unsupported-back-end-services
When enabled, I see a "unsupported backend service" even though I'm only calling Planetscale DB in my worker.
https://developers.cloudflare.com/workers/configuration/smart-placement/#unsupported-back-end-services
Cloudflare Docs
Speed up your Worker application by automatically placing your workloads in an optimal location that minimizes latency.
PHey! If i have multiple cloduflare accounts, and need to be pushing changes with wrangler constantly. Is there a way to do that with out having to log in and out in the CLI?
HHave a single account with access to all of the other accounts
HIt should then allow you to publish to them
PI can't do that, each account is for a different job
HYou could provide an API token as an env var?
CLOUDFLARE_API_TOKEN I believePan add that to the variables in the wrangler.toml?
HNo, I meant an Env Var in the console
HLike
Pohh okay, and instead of login in i just use the api token each time/
Pthats clever haha
Pthanks!
MWith the worker pricing model change I have a question about Service Bindings that I cannot fully confirm based on old similar questions and the current docs.
If I have a Cloudflare Pages project that does SSR on a page (then triggering a worker request through it's adapter) and I need to request an endpoint on a Hono API that is deployed on another Worker (on a different subdomain) and I wire them as Service Bindings, do I still trigger 2 requests each time a user refreshes the page or the counter get's only the Pages request against my limit?
If I have a Cloudflare Pages project that does SSR on a page (then triggering a worker request through it's adapter) and I need to request an endpoint on a Hono API that is deployed on another Worker (on a different subdomain) and I wire them as Service Bindings, do I still trigger 2 requests each time a user refreshes the page or the counter get's only the Pages request against my limit?
HAt the moment, a call to a Service Binding is billed as a new request
MFrom current docs I understand that the request to the Hono API will just count against the subrequests of the Pages Worker
https://developers.cloudflare.com/workers/runtime-apis/bindings/service-bindings/#limits
So to avoid a double request I'm supposed to move all the backend logic from my main API to the Pages SSR request? That's unfortunate
https://developers.cloudflare.com/workers/runtime-apis/bindings/service-bindings/#limits
So to avoid a double request I'm supposed to move all the backend logic from my main API to the Pages SSR request? That's unfortunate
Cloudflare Docs
Facilitate Worker-to-Worker communication.
HAt the moment anyway. There was a discussion about making service binding calls free, but haven't seen anything new on that front yet
USubrequests are just any network call, you arent billed on subrequests. Service bindings specifically call another worker and all worker requests are billed regardless of request method which is why calling service bindings has a charge.
HThough note, because of the architecture of Service Bindings, the bound Worker should already be in memory, and thus calling it is almost like calling a function within your Worker directly(which I suspect is why they might want to make Service Binding calls free).
MThanks for the quick reply, hope to also have at least 2 chained requests for free in the future, anyway not sure again about the content of this article https://blog.cloudflare.com/service-bindings-ga being still valid, I understand that many changes have happened since it has been written, but having an
api-gateway like architecture with workers (aka triggering 4+ requests only to have a login token returned) it's too expensive in the long run, only the security from the subworkers isolation might be a perk.The Cloudflare Blog
Service bindings are an API that facilitate Worker-to-Worker communication. You can invoke other Workers directly from your code; making it possible to communicate with shared services. We’ll also make it cost-efficient to run multiple Workers.
UIt might be "expensive" for personal use but for companies even 4 requests is still only $1.20/million (+ some cpu time). My work does about $15-20/million requests comparitively on AWS so theres that 
K@sperand_io @elithrar @Cloudflare Two things here:
- We are working on (couldn't quite make it for this week) a change where when you call another Worker via a service binding, this won't be billed as a request. (so that pricing doesn't disincentivize breaking apart an app into many Workers) Coming soon.
4/5/24, 7:31 PM
KHello everyone, Is it possible to send emails with attachments using the mailchannels plugin? Or has this feature not been implemented?
AIs anyone successfully seeing unobfuscated stack traces in the exception output of the real time logs?
Ai've got
upload_source_maps = true and i'm still not seeing themAi'm also watching for exceptions. i'm not merely looking at a console.log of the
error.stack