Is this per HTTP request or 30s across all HTTP requests?
Is this per HTTP request or 30s across all HTTP requests?
APer HTTP request (https://developers.cloudflare.com/workers/platform/limits/#worker-limits for full details) and everyone is on the Standard pricing model now
MCan enterprise users have static ip ?
HPer request
WCloudflare Docs
Cloudflare Aegis provides dedicated egress IPs (from Cloudflare to your origin) for your layer 7 WAF and CDN services. The egress IPs are reserved exclusively for your account so that you can increase your origin security by only allowing traffic from a small list of IP addresses.
MHi guys I’m new here, I’m a total noob so excuse any wrong terms I may use. I made a chrome extension that uses AI (Anthropic API) to generate replies to reviews. So in order to protect my api key from client side code I wanted to use workers as a “middle man”. My front end would call the worker then the worker would call Anthropic and then send back the response to my front end. However I have two security issues:
- Can anyone not just get the worker url from my code (chrome extension code can be downloaded) and make their own requests to the worker?
- Is there a way to limit requests to the worker? Again, can someone not access the url and maliciously make like a million calls to the end point?
AFWIW this would also be a problem if you used any other means to expose your backend (e.g. a VPS). You can try to limit the potential abuse further by requiring users to login via Google or something - and then only allowing authenticated users to hit the endpoint (validate they have a JWT or w/e you want to do). Of course people can sign in and then send millions of requests if they want to, but it makes it a bit more difficult/effort and that's generally what a lot of security is about.
I'd also recommending setting a spending limit in your Anthropic account, not sure what controls they give you, but most offer spending caps - so at least if you do get hit, it will be limited, and you can start out with a low spend if you're expecting slow and gradual uptake.
I'd also recommending setting a spending limit in your Anthropic account, not sure what controls they give you, but most offer spending caps - so at least if you do get hit, it will be limited, and you can start out with a low spend if you're expecting slow and gradual uptake.
MThanks yea that’s what I was recommended, setting up proper auth. The issue isn’t with over spending on Anthropic but the worker/function. Anthropic is prepaid so if I put $10 it only uses that much and no more unless I have auto recharge on which I won’t. I’m not concerned about users abusing it but someone who can download the source code files and see the url in the code that I use to generate replies. It just seem to be a bigger problem than just putting the api key in code. Someone can use my api key but I have a limit on it.
A
Ais this a cloudflare error? never seen it before
Awe’re using DurableObjects
HThat sounds like a JS error when you call too many
setTimeout() without them resolving
Ahmm yeah that was my thought too…. are we expected to be manually calling clearTimeout?
Jhow do you specify what account to deploy to when you have multiple accounts authenticated?
Jcan I put an account id in a default config in the top level of my monorepo?
HIf you are generating a lot of them, then don't need them all, I would do so, yeah
HNo, but you can put the account ID in your
wranglerwe probably shouldn’t be generating too many… 10K simultaneous sounds like a bug of some kind for sure. we probably only spin up several hundred DOs in a 10 minute period
Jthat's not ideal as it's my work account and I don't want it to affect my personal account
Jso I really want it to be global but just for the project/directory/monorepo
HNot sure I understand? If you put the ID in your config, then it only applies to that one Worker/Pages Project
Joh, I think I misunderstood what you meant by "your" config.. do you just mean the project config? there are many workers in my monorepo, wanted to avoid hardcoding the account id into all of them
HYeah, that's what I meant. There isn't currently a way to make them inherit an account ID from somewhere else
HUnless you want to add an Environment Variable that you can somehow scope to just that directory
Johh, that could work
Lwhy is pages recommend over worker sites? It seems like Worker Sites is more powerful
CIn what way? Pages has built in CI/CD, supports advanced mode so you can pop out of the provided stuff and use it more like Worker Sites, free unlimited static asset requests, versioning/rollbacks/etc
Lcan't seem to use durable objects / D1 Transactions but maybe I'm doing something wrong?
DYeah, the functionality venn diagram of Workers/Workers Sites and Pages/Pages Functions is... a bit awkward imho.
CDurable Objects have to be defined in a worker and then you can attach to in Pages, Explicit Transactions don't exist outside of batch
CThey're working on converging Pages and Workers into one product: https://blog.cloudflare.com/pages-and-workers-are-converging-into-one-experience/
The Cloudflare Blog
Today we’re excited to announce that over the next year we will be working to bring together the best traits and attributes you know and love from each product into one powerful platform!
DYeah, I'm very much looking forwards to that!
Cit's a little awkward right now, Pages still has a ton more stuff then normal Workers, would hardly say Worker Sites is more powerful outside of a few edge-case not supported stuff/bindings
L@Chaika I thought you could provide a transactions.js file? https://blog.cloudflare.com/whats-new-with-d1/
The Cloudflare Blog
Get an inside look on the D1 experience today, what the team is currently working on and what’s coming up!
C"Sneak peek"
DFor now I'm mostly doing my FE in Pages and my services as Workers, and just using lerna monorepo (sometimes combined with git submodules) to manage the whole thing.
L@Chaika hmm, so if I wanted to build a social network on cloudflare, would that be something that would not make sense to do given the current scope of features that exist?
CIt has implicit transactions with batch/queries
CCloudflare Docs
D1 is compatible with most SQLite’s SQL convention since it leverages SQLite’s query engine. D1 client API allows you to interact with a D1 database from within a Worker.
LDecision fatigue is getting the best of me with all of this new tooling 
CIt depends exactly how you want to build it how you'd go about it, but I don't see any reason why it would be impossible, D1 is semi-limited though because right now it's a single javascript thread/isolate in a single location, so for dynamic social networks which aren't too cachable you might reach the limits of one + the max size of 10gb per db
Cthey want you to scale with more DBs but doing that with a social network would be interesting, I guess could have each user in its own D1 DB but would need a lot of glue + the tooling to handle that all well/dynamically is still unreleased
LSQLite Cloud offers an easy way to share single-user SQLite databases to the cloud. We offer enterprise features like advanced scaling solutions, continuous backup, ACID-compliant over multiple nodes (and multiple zones), pub/sub capabilities, powerful users/roles access control, and a javascript-based programming language to extend the built-in...
Cyou mean instead of d1? That's basically what D1 aims to provide eventually in some ways, although I would note their storage limits are no better/probably same other arch limits to a degree if that's why you don't want to use d1
CThe advice of the D1 team has been if you want a monolithic db/one big db you should go with another provider and use an http api or #hyperdrive
Lyeah, I honestly don't know what I'm doing, I'm an expert in front-end but, building full fledged services is not something I've done actively
L@Chaika does Hyperdrive work in pages?
LLGitHub
GitHub is where people build software. More than 100 million people use GitHub to discover, fork, and contribute to over 420 million projects.
JI have a CF worker (worker A) that exposes different endpoints using Hono, now I have another worker (Worker B) that needs to make a request to Worker A. Is it possible to make an RPC service binding call to a Worker A method, if so how would I achieve this, any documentation or examples appreciated.
