Morning all. I have a question about WfP and legal responsibility for outbound traffic from final us

Aapignotti Morning all. I have a question about WfP and legal responsibility for outbound t...

W

Walshy•2/6/25, 12:46 PM

Very interesting question, let's talk through it

So, in the case of someone hosting something malicious, you'll likely receive a domain. You'll know what customer that domain tracks to.
You also control the upload path so you can log who uploads what and when.
I'd recommend also having analytics/logs for general traffic (Analytics Engine + Workers Logs would be ideal)

Then for a user Worker sending requests maliciously, we have Outbound Workers which again you can use to track analytics + Logs and tie these outbound requests to specific customers

WWalshy Very interesting question, let's talk through it So, in the case of someone hos...

A

apignottiOP•2/6/25, 12:49 PM

Right! Outbound Workers were the concept I was missing. I see this covers fetch explicitly, but how does this interact with TCP Socket API? Do the outbound workers intercept those too? Or is the TCP Socket API maybe disabled in WfP?

W

Walshy•2/6/25, 12:50 PM

I don't believe TCP would be covered but that's a good callout, I didn't think of that. Let me bring that up with the PM

WWalshy I don't believe TCP would be covered but that's a good callout, I didn't think o...

A

apignottiOP•2/6/25, 12:51 PM

Appreciated. Happy to further discuss our use case in private if needed.

S

saifeddine•2/10/25, 2:45 PM

hey
there is someone to help me fix ssl error problem ?

B

BigFungus•2/11/25, 8:32 AM

Hello. There does not seem to have deployment and versioning endpoints for worker for platform like there is for normal workers

is this correct?

Z

ZachHandley•2/11/25, 6:27 PM

hey -- does anyone know what

Z

ZachHandley•2/11/25, 6:28 PM

"18:15:34 [ERROR] Error: Disallowed operation called within global scope. Asynchronous I/O (ex: fetch() or connect()), setting a timeout, and generating random values are not allowed within global scope. To fix this error, perform this operation within a handler. https://developers.cloudflare.com/workers/runtime-apis/handlers/\n    at chunks/index_DXfsLD0r.mjs:142:26\n    at randomChar (chunks/index_DXfsLD0r.mjs:230:27)\n    at encodeRandom (chunks/index_DXfsLD0r.mjs:174:15)\n    at ulid (chunks/index_DXfsLD0r.mjs:247:41)\n    at chunks/specifications_iCWK4BKj.mjs:1137:29"

"18:15:34 [ERROR] Error: Disallowed operation called within global scope. Asynchronous I/O (ex: fetch() or connect()), setting a timeout, and generating random values are not allowed within global scope. To fix this error, perform this operation within a handler. https://developers.cloudflare.com/workers/runtime-apis/handlers/\n    at chunks/index_DXfsLD0r.mjs:142:26\n    at randomChar (chunks/index_DXfsLD0r.mjs:230:27)\n    at encodeRandom (chunks/index_DXfsLD0r.mjs:174:15)\n    at ulid (chunks/index_DXfsLD0r.mjs:247:41)\n    at chunks/specifications_iCWK4BKj.mjs:1137:29"

"18:15:34 [ERROR] Error: Disallowed operation called within global scope. Asynchronous I/O (ex: fetch() or connect()), setting a timeout, and generating random values are not allowed within global scope. To fix this error, perform this operation within a handler. https://developers.cloudflare.com/workers/runtime-apis/handlers/\n    at chunks/index_DXfsLD0r.mjs:142:26\n    at randomChar (chunks/index_DXfsLD0r.mjs:230:27)\n    at encodeRandom (chunks/index_DXfsLD0r.mjs:174:15)\n    at ulid (chunks/index_DXfsLD0r.mjs:247:41)\n    at chunks/specifications_iCWK4BKj.mjs:1137:29"

"18:15:34 [ERROR] Error: Disallowed operation called within global scope. Asynchronous I/O (ex: fetch() or connect()), setting a timeout, and generating random values are not allowed within global scope. To fix this error, perform this operation within a handler. https://developers.cloudflare.com/workers/runtime-apis/handlers/\n    at chunks/index_DXfsLD0r.mjs:142:26\n    at randomChar (chunks/index_DXfsLD0r.mjs:230:27)\n    at encodeRandom (chunks/index_DXfsLD0r.mjs:174:15)\n    at ulid (chunks/index_DXfsLD0r.mjs:247:41)\n    at chunks/specifications_iCWK4BKj.mjs:1137:29"

this means?

Z

ZachHandley•2/11/25, 6:28 PM

it seems like it's mad at ulid, which is weird, cause it's ulidx, and compatible with everything afaik

L

LearnNMake•2/12/25, 2:33 AM

I need to send realtime player count data to a database on cloudflare. Does cloudflare support the setup of a websocket server that will listen for a connection and can feed a D1 database?

币

币成•2/12/25, 3:17 AM

我用谷歌帐号登录的，验证邮箱时收不到验证码如何处理？

ZZachHandley ```ts "18:15:34 [ERROR] Error: Disallowed operation called within global scope. ...

A

Acе•2/13/25, 11:23 AM

It means you can’t use fetch or connect when the script is initiated.

LLearnNMake I need to send realtime player count data to a database on cloudflare. Does clou...

A

Acе•2/13/25, 11:24 AM

Yes

BBigFungus Hello. There does not seem to have deployment and versioning endpoints for worke...

A

Acе•2/13/25, 11:29 AM

Correct. It’s not supported, but you can create your own versioning system.

AAcе It means you can’t use fetch or connect when the script is initiated.

Z

ZachHandley•2/13/25, 5:09 PM

yeah turns out it was something super dumb

Z

ZachHandley•2/13/25, 5:09 PM

I had a package I created where if the user didn't provide an $id it would use

ulid

ulid

from

ulidx

ulidx

which was browser safe but

Z

ZachHandley•2/13/25, 5:09 PM

not cloudflare safe

A

Aster•2/16/25, 7:19 PM

Hey! Is there a way to try out WfP for free?

I want to create a PoC to see how far I can build on top of it

AAster Hey! Is there a way to try out WfP for free? 🙂 I want to create a PoC to see ho...

Z

Zetax•2/17/25, 3:29 AM

Would also love to know this

LLearnNMake I need to send realtime player count data to a database on cloudflare. Does clou...

Z

Zetax•2/17/25, 5:49 AM

Yes, it does

S

scruffy•2/18/25, 1:45 PM

Hi! Couple of quick questions...

What's the best way to delete a static asset from a user worker? I believe it's possible by creating an upload session and including all the assets except the one you want to remove, but is there something neater, e.g. like
```
DELETE
```
```
DELETE
```
to
```
/accounts/{accountIdentifier}/workers/scripts/{scriptName}/assets/{assetKey}
```
```
/accounts/{accountIdentifier}/workers/scripts/{scriptName}/assets/{assetKey}
```
but for user workers?
If you hit the maximum number of assets for a user worker (which I believe is 20,000 assets), how is it handled? Does it error or does it evict assets, e.g. via FIFO or similar?

Sscruffy Hi! Couple of quick questions... 1. What's the best way to delete a static asset...

H

Hard@Work•2/18/25, 1:51 PM

Your suggestion is the best one at the moment. You can't edit files within a deployment, but you can create a new deployment that doesn't include the asset in question.
It should fail the deployment.

S

scruffy•2/18/25, 1:52 PM

^ thanks for the quick and simple answers

S

scruffy•2/18/25, 2:16 PM

If I wanted to enable users to upload their avatar to

example.my.worker.dev/:user-name/avatar.png

example.my.worker.dev/:user-name/avatar.png

?
Could I use a dispatch worker which calls a single script as the user worker, which makes an upload session request on behalf of the user. If not, where am I going wrong? If it is possible, would I be capped at 20k users?

Sscruffy If I wanted to enable users to upload their avatar to `example.my.worker.dev/:us...

H

Hard@Work•2/18/25, 2:18 PM

I would probably just upload the images to R2/KV. They have much nicer APIs, and you wouldn't have to mess with creating scripts/deployments dynamically

HHard@Work I would probably just upload the images to R2/KV. They have much nicer APIs, and...

S

scruffy•2/18/25, 2:30 PM

Sorry for the contrived example but I'm trying to keep it simple rather than diving into the specific use case, which I have a hunch would be better served by static assets on workers for platforms. With that in mind, is the approach in the previous question possible? (I'd normally just sketch it out in code, but am trying to avoid paying $25 to find the answer, especially if the answer is "nope")

Sscruffy Sorry for the contrived example but I'm trying to keep it simple rather than div...

H

Hard@Work•2/18/25, 2:32 PM

Maybe, though I should note that Assets is built primarily to serve HTML/JS/CSS, and while it can serve other assets, using it primarily to serve non-HTML/CSS/JS assets may run afowl of the terms

HHard@Work Maybe, though I should note that Assets is built primarily to serve HTML/JS/CSS,...

S

scruffy•2/18/25, 2:33 PM

good to know about the terms issue -- i was actually intending for the assets to be json rather than pngs, would that be any better in terms of being in keeping with the inteded use?

Sscruffy good to know about the terms issue -- i was actually intending for the assets to...

H

Hard@Work•2/18/25, 2:35 PM

I wouldn't think so, though to be sure, I would probably talk with Support. Though note again that using R2/KV should definitely be simpler, and would avoid this terms issue, since it is allowed to serve any kind of assets, including images, json, etc, at any volume

S

scruffy•2/18/25, 2:36 PM

k, thanks for your help

HHard@Work Maybe, though I should note that Assets is built primarily to serve HTML/JS/CSS,...

S

scruffy•2/18/25, 3:41 PM

After some thought, seems that per-user HTML could fit my use case. With that in mind, would it be possible to use a single script as the user worker to enable static asset uploads to

example.my.worker.dev/users/:user-name/index.html

example.my.worker.dev/users/:user-name/index.html

? If so, do the API requests count against my account or the user? Apologies if the question seems bizarre, finding it a bit hard to get my head round things without poking code.

S

scruffy•2/18/25, 8:00 PM

If a Workers for Platforms "script" doesn't contain actually contain a user worker, i.e. it only holds user-specific static assets, does it still count towards the total count of user scripts?

W

Walshy•2/18/25, 8:05 PM

Yes, it is still a script for us

Sscruffy good to know about the terms issue -- i was actually intending for the assets to...

W

Walshy•2/18/25, 8:05 PM

json is fine

S

scruffy•2/18/25, 8:06 PM

cool, thanks

W

Walshy•2/18/25, 8:06 PM

A user Worker with JSON bindings may also be even easier

S

scruffy•2/18/25, 8:06 PM

not sure i follow

S

scruffy•2/18/25, 8:07 PM

(but sounds interesting)

W

Walshy•2/18/25, 8:08 PM

you could upload a user Worker that's literally just

export default {
  fetch(_, env) {
    // will return `{ "whatever": "data" }` as a Content-Type: application/json response
    return Response.json(env.JSON_DATA)
  }
}

export default {
  fetch(_, env) {
    // will return `{ "whatever": "data" }` as a Content-Type: application/json response
    return Response.json(env.JSON_DATA)
  }
}

export default {
  fetch(_, env) {
    // will return `{ "whatever": "data" }` as a Content-Type: application/json response
    return Response.json(env.JSON_DATA)
  }
}

export default {
  fetch(_, env) {
    // will return `{ "whatever": "data" }` as a Content-Type: application/json response
    return Response.json(env.JSON_DATA)
  }
}

And upload the Worker with

"bindings": [
  {
    "name": "JSON_DATA",
    "type": "json",
    "json": {
      "whatever": "data"
    }
  }
]

"bindings": [
  {
    "name": "JSON_DATA",
    "type": "json",
    "json": {
      "whatever": "data"
    }
  }
]

"bindings": [
  {
    "name": "JSON_DATA",
    "type": "json",
    "json": {
      "whatever": "data"
    }
  }
]

"bindings": [
  {
    "name": "JSON_DATA",
    "type": "json",
    "json": {
      "whatever": "data"
    }
  }
]

W

Walshy•2/18/25, 8:08 PM

Much easier than doing an asset upload flow

S

scruffy•2/18/25, 8:10 PM

that's cool, thanks for the tip!

D

darkpool•2/20/25, 9:20 PM

hi all probably a noob question but how do I exactly use WFP locally?

I see on first page of local development, it says

Support for Workers for Platforms with wrangler dev in local mode is experimental and may change in the future. Use the prerelease branch: wrangler@dispatch-namespaces-dev to try Workers for Platforms locally.

Support for Workers for Platforms with wrangler dev in local mode is experimental and may change in the future. Use the prerelease branch: wrangler@dispatch-namespaces-dev to try Workers for Platforms locally.

Support for Workers for Platforms with wrangler dev in local mode is experimental and may change in the future. Use the prerelease branch: wrangler@dispatch-namespaces-dev to try Workers for Platforms locally.

Support for Workers for Platforms with wrangler dev in local mode is experimental and may change in the future. Use the prerelease branch: wrangler@dispatch-namespaces-dev to try Workers for Platforms locally.

~~but im confused on how to actually enable it. Is there an experimental flag I have to use? do I need to download wrangler globally? or something else? Thanks!~~

EDIT: Im dumb. Just did:

        "wrangler": "dispatch-namespaces-dev"

        "wrangler": "dispatch-namespaces-dev"

However, now I got this error:

ERROR] Missing entry-point: The entry-point should be specified via the command line (e.g. `wrangler dev path/to/script`) or the `main` config field.

ERROR] Missing entry-point: The entry-point should be specified via the command line (e.g. `wrangler dev path/to/script`) or the `main` config field.

even though I have path specified in wrangler. I resolved by just adding the path to the dev script but seems like a regression.

EDIT 2: seems like experimental flag also ignores specified port for wrangler to listen to in wrangler.jsonc

D

darkpool•2/20/25, 10:47 PM

is this an error? I dont see any mention of

dispatch_namespace

dispatch_namespace

in https://developers.cloudflare.com/workers/wrangler/configuration/

Ddarkpool is this an error? I dont see any mention of `dispatch_namespace` in https://deve...

U

Unsmart•2/20/25, 10:50 PM

B

BD•2/20/25, 10:51 PM

Is anyone able to help me with a

request.cf.zoneName

request.cf.zoneName

issue? My website is hosted on CF Pages. I am using a CF Worker and want to limit the ability to make an api request to specific zoneName's. The issue I am running into is that

request.cf

request.cf

is always NULL. FWIW The code is below, but I have a feeling this might be a DNS or Routing issue. Any and all help would be appreciated.

    // Verify Cloudflare zone
    console.log(request.cf);
    console.log(allowedDomains);
    console.log(request.cf.zoneName);
    console.log(allowedDomains.includes(request.cf.zoneName));
    if (!request.cf || !allowedDomains.includes(request.cf.zoneName)) {
        console.log('[Security] Access denied: Invalid Cloudflare zone');
        return new Response(
            JSON.stringify({ error: 'Access denied' }),
            { status: 403, headers: { 'Content-Type': 'application/json' } }
        );
    }

    // Verify Cloudflare zone
    console.log(request.cf);
    console.log(allowedDomains);
    console.log(request.cf.zoneName);
    console.log(allowedDomains.includes(request.cf.zoneName));
    if (!request.cf || !allowedDomains.includes(request.cf.zoneName)) {
        console.log('[Security] Access denied: Invalid Cloudflare zone');
        return new Response(
            JSON.stringify({ error: 'Access denied' }),
            { status: 403, headers: { 'Content-Type': 'application/json' } }
        );
    }

    // Verify Cloudflare zone
    console.log(request.cf);
    console.log(allowedDomains);
    console.log(request.cf.zoneName);
    console.log(allowedDomains.includes(request.cf.zoneName));
    if (!request.cf || !allowedDomains.includes(request.cf.zoneName)) {
        console.log('[Security] Access denied: Invalid Cloudflare zone');
        return new Response(
            JSON.stringify({ error: 'Access denied' }),
            { status: 403, headers: { 'Content-Type': 'application/json' } }
        );
    }

    // Verify Cloudflare zone
    console.log(request.cf);
    console.log(allowedDomains);
    console.log(request.cf.zoneName);
    console.log(allowedDomains.includes(request.cf.zoneName));
    if (!request.cf || !allowedDomains.includes(request.cf.zoneName)) {
        console.log('[Security] Access denied: Invalid Cloudflare zone');
        return new Response(
            JSON.stringify({ error: 'Access denied' }),
            { status: 403, headers: { 'Content-Type': 'application/json' } }
        );
    }

UUnsmart Click to see attachment

D

darkpool•2/20/25, 10:52 PM

that's the config for the dispatch worker no? Im following the local setup guide and it says to add dispatch_namespace to customer-worker-1

Ddarkpool that's the config for the dispatch worker no? Im following the local setup guide...

U

Unsmart•2/20/25, 10:55 PM

Didnt see the initial message about the tutorial. The reason it wouldnt be defined in the wrangler docs is because its not an option in wrangler config its part of the dispatch namespaces dev

UUnsmart Didnt see the initial message about the tutorial. The reason it wouldnt be defin...

D

darkpool•2/20/25, 11:08 PM

So eve though i get - "Unexpected fields found in top-level field: "dispatch_namespace"" it's ok?

U

Unsmart•2/20/25, 11:09 PM

Yeah should be fine

UUnsmart Yeah should be fine

D

darkpool•2/20/25, 11:14 PM

Thank you for your help. Another problem is it seems my wrangler.jsonc is not being picked up? I can get arount by just specifying the path in the script but seems like the

dispatch_namespaces

dispatch_namespaces

config is not being picked up either?

✘ [ERROR] Missing entry-point: The entry-point should be specified via the command line (e.g.

wrangler dev path/to/script

wrangler dev path/to/script

) or the

main

main

config field.

Morning all. I have a question about WfP and legal responsibility for outbound traffic from final us

Similar Threads