AFAIK, never. Some APIs don’t make sense in a serverless context, or the way Workers works in partic
AFAIK, never. Some APIs don’t make sense in a serverless context, or the way Workers works in particular
B[vars]
dotenv = ".env"
in wrangler.toml how do import the vars for the cloudflare worker to use from my own .env file? currently it seems cloudflare is interpreting dotenv as its own variable rather than importing the variables
dotenv = ".env"
in wrangler.toml how do import the vars for the cloudflare worker to use from my own .env file? currently it seems cloudflare is interpreting dotenv as its own variable rather than importing the variables
KAll that does is set
dotenv.envYou can't tell Wrangler to read from a
.envLocal development will read from
.dev.vars
Bwdym by this part?
Bhow do i use them for my own worker from my own .env? or do i just import it manually in my worker script
KWrangler doesn't use .env files.
KYou define variables in Wrangler.toml as
[vars] and you upload secrets with wrangler secret putBthanks for this
UBok so i set up a .dev.vars file with my env variables and then deployed the worker but i still don't see it showing up on the cloudflare dashboard, nor is my worker using it. Am i misunderstanding how it's meant to be used?
am i supposed to somehow use them here? how? do i change the param name or something?
am i supposed to somehow use them here? how? do i change the param name or something?
K.dev.vars is just for local development
KYou do this for deployed Workers
Bso is it not possible for me to use my own .env file for production? have to do it through cli or dashboard or [vars]?
KYes
BThank you for you help, appreciate it
HWorkers/Pages do have support for some of
node:crypto. Which modules do you need?UThank you. I'm aware. The trouble is getting them to work with all the typical dependencies of a blockchain app which rely on node's crypto.
Case in point:
https://github.com/LIT-Protocol/Issues-and-Reports/issues/14#issue-2248885628
Case in point:
https://github.com/LIT-Protocol/Issues-and-Reports/issues/14#issue-2248885628
JIs anything still problematic with Mailchannels (as of May 2024) given that Mailchannels has lockdown mode now? It didn't exist when the defcon presentation was made
Kwhere can I find more information about this?
JI would still strongly recommend you avoid it. If you enable Domain Lockdown, you're protected from all known issues they had, but their responses to the situation have still been awful. They've still yet to inform all of their customers who remain unprotected because they don't do basic stuff like Sender Verification, and their platform is still vulnerable in a similar way if you sign up with any number of hosting providers that use them.
IYikes, do you know of any better free alternatives? I was just reading about security issues with resend, so looks like lots of them have issues
J"Free" and secure/reliable email sending often doesn't go together, sadly. SendGrid has a reasonable free tier at 100/day, and then Postmark is great too, but only 100 free per month.
IDoes this mean that currently this issue is still exploitable even with domain lockdown? Or do you mean that users that sign up from other providers are vulnerable, and not that that makes us (CF users) vulnerable?
JIf you turn on Domain Lockdown, then it's not exploitable with your domain. But many of their customers don't have this enabled, and if you sign up with another hosting provider that uses MailChannels, you can still send emails from many of their customers that'll pass security checks, yes.
JThey used to allow self-service for just $80 where you could do this. But they quietly removed that from their site. So now you have to signup via a third-party.
JIt all just reinforces their terrible communication throughout the process, and is a partnership that I think is irresponsible for Cloudflare to upkeep, personally.
BHow do i get content-disposition: attachment to cause my custom domain r2 to force a download instead of treating it as inline? Am i doing it wrong? it's appearing correctly in the param as attachment and i'm trying to send it as a header in the fetch request but the file is still being displayed in-browser instead of starting a download
ISo content-disposition is a response header, not a request header.
IYour need to reply with the
content-disposition header (it looks like you're making the request with the header, which is different)IYou probably need to do a (untested but should work):
IJust as a side-note, you should probably not be deciding what content-type to return based on what the client asks you to - the content-type is usually decided by what the actual content is, not what the browser wants.
ISo for example, text files should usually be returned as
text/plain, in your example I could do a contentType query param of video/webm and the browser would think my text file is a videoBThe client is the backend which uses the file metadata stored on the database to make sure the content type is correct in the header that's sent
IAh I see - ok then, probably fine.
BI'll try out your solution though, thanks for your help
BThis fixed the issue, been spending ages on this. Thank you!
SMailchannels + CF Workers, anyone facing status 500 error, EOF when sending email sometimes? like 1 out of 10 times will hit this error while remaining 9 no issue, can send email
Jwhat happens when you hit the subrequest limit, does fetch throw an error?
SI don't think I hit any limit, because this error usually is the first request of the day / first request after deploy new version to CF worker, and the status 500 is coming from mailchannels api
Jsorry, that wasn't in response to you, was an unrelated question
KYes
KSo subrequests work in two ways - there are in-house subrequests, and everything else.
KThey have separate counters, separate 'buckets'
KYou can (on a paid plan) make 1000 subrequests with something like
fetch(url), and another 1000 to in-house things (KV, R2, DO, D1, you get the idea)KOnce you hit that limit, they throw a "subrequest limit exceeded" exception
J@kian thanks for clarifying!
