```js interface Env { MY_RATE_LIMITER: any; } export default { async fetch(req, env): Promi

interface Env
{
    MY_RATE_LIMITER: any;
}

export default {
    async fetch(req, env): Promise<Response>
    {
        // https://developers.cloudflare.com/workers/runtime-apis/bindings/rate-limit/

        const ipAddress = req.headers.get("cf-connecting-ip") || "";
        const { success } = await env.MY_RATE_LIMITER.limit({ key: ipAddress })
        if (!success)
            return new Response(`429 Failure – rate limit exceeded for ${ipAddress}`, { status: 429 });

        const login = req.headers.get("x-login");
        const password = req.headers.get("x-password");

        if (!login || !password)
            return new Response("", { status: 403 });
        
        const isValidUser = await validateUser(login, password);
        if (!isValidUser)
            return new Response("", { status: 403 });

        //const origin = new Request(req.url, req);
        //origin.headers.delete("x-login");
        //origin.headers.delete('cf-workers-preview-token');
        //return fetch(origin);
        return fetch(req)
    },
} satisfies ExportedHandler;

async function validateUser(login: string, password: string): Promise<boolean>
{
    const response = await fetch("https://tunnel.xxx.com/authentication",
        {
            method: "POST",
            headers: {
                "Content-Type": "application/json",
            },
            body: JSON.stringify({ login, password })
        });

    // The server returns 200 for valid authentication, 403 for invalid
    return response.status === 200;
}

interface Env
{
    MY_RATE_LIMITER: any;
}

export default {
    async fetch(req, env): Promise<Response>
    {
        // https://developers.cloudflare.com/workers/runtime-apis/bindings/rate-limit/

        const ipAddress = req.headers.get("cf-connecting-ip") || "";
        const { success } = await env.MY_RATE_LIMITER.limit({ key: ipAddress })
        if (!success)
            return new Response(`429 Failure – rate limit exceeded for ${ipAddress}`, { status: 429 });

        const login = req.headers.get("x-login");
        const password = req.headers.get("x-password");

        if (!login || !password)
            return new Response("", { status: 403 });
        
        const isValidUser = await validateUser(login, password);
        if (!isValidUser)
            return new Response("", { status: 403 });

        //const origin = new Request(req.url, req);
        //origin.headers.delete("x-login");
        //origin.headers.delete('cf-workers-preview-token');
        //return fetch(origin);
        return fetch(req)
    },
} satisfies ExportedHandler;

async function validateUser(login: string, password: string): Promise<boolean>
{
    const response = await fetch("https://tunnel.xxx.com/authentication",
        {
            method: "POST",
            headers: {
                "Content-Type": "application/json",
            },
            body: JSON.stringify({ login, password })
        });

    // The server returns 200 for valid authentication, 403 for invalid
    return response.status === 200;
}

interface Env
{
    MY_RATE_LIMITER: any;
}

export default {
    async fetch(req, env): Promise<Response>
    {
        // https://developers.cloudflare.com/workers/runtime-apis/bindings/rate-limit/

        const ipAddress = req.headers.get("cf-connecting-ip") || "";
        const { success } = await env.MY_RATE_LIMITER.limit({ key: ipAddress })
        if (!success)
            return new Response(`429 Failure – rate limit exceeded for ${ipAddress}`, { status: 429 });

        const login = req.headers.get("x-login");
        const password = req.headers.get("x-password");

        if (!login || !password)
            return new Response("", { status: 403 });
        
        const isValidUser = await validateUser(login, password);
        if (!isValidUser)
            return new Response("", { status: 403 });

        //const origin = new Request(req.url, req);
        //origin.headers.delete("x-login");
        //origin.headers.delete('cf-workers-preview-token');
        //return fetch(origin);
        return fetch(req)
    },
} satisfies ExportedHandler;

async function validateUser(login: string, password: string): Promise<boolean>
{
    const response = await fetch("https://tunnel.xxx.com/authentication",
        {
            method: "POST",
            headers: {
                "Content-Type": "application/json",
            },
            body: JSON.stringify({ login, password })
        });

    // The server returns 200 for valid authentication, 403 for invalid
    return response.status === 200;
}

interface Env
{
    MY_RATE_LIMITER: any;
}

export default {
    async fetch(req, env): Promise<Response>
    {
        // https://developers.cloudflare.com/workers/runtime-apis/bindings/rate-limit/

        const ipAddress = req.headers.get("cf-connecting-ip") || "";
        const { success } = await env.MY_RATE_LIMITER.limit({ key: ipAddress })
        if (!success)
            return new Response(`429 Failure – rate limit exceeded for ${ipAddress}`, { status: 429 });

        const login = req.headers.get("x-login");
        const password = req.headers.get("x-password");

        if (!login || !password)
            return new Response("", { status: 403 });
        
        const isValidUser = await validateUser(login, password);
        if (!isValidUser)
            return new Response("", { status: 403 });

        //const origin = new Request(req.url, req);
        //origin.headers.delete("x-login");
        //origin.headers.delete('cf-workers-preview-token');
        //return fetch(origin);
        return fetch(req)
    },
} satisfies ExportedHandler;

async function validateUser(login: string, password: string): Promise<boolean>
{
    const response = await fetch("https://tunnel.xxx.com/authentication",
        {
            method: "POST",
            headers: {
                "Content-Type": "application/json",
            },
            body: JSON.stringify({ login, password })
        });

    // The server returns 200 for valid authentication, 403 for invalid
    return response.status === 200;
}

i have a WAF rule to

block

block

POST

POST

requests,

await fetch("https://tunnel.xxx.com/authentication",

await fetch("https://tunnel.xxx.com/authentication",

works on cloudflare
debugging locally with

npx wrangler dev --remote

npx wrangler dev --remote

on this same request i get

(403) Forbidden

(403) Forbidden

as response

Cconfused mf Cloudflare with supabase integration is broken, I get a 400 error when I try oau...

Vero•3/27/25, 2:06 PM

there's an ongoing incident https://www.cloudflarestatus.com/incidents/gmpbtb71lkpl

Cloudflare Workers: Supabase integration issues

Rruan ```js interface Env { MY_RATE_LIMITER: any; } export default { async fe...

Chaika•3/27/25, 2:08 PM

if it's same zone subrequests/fetching there's tons of special handling, not a blanket bypass through the waf though if fetching from a different zone/context of course though

ruanOP•3/27/25, 2:09 PM

what?

Chaika•3/27/25, 2:09 PM

zone/website is

test.com

test.com

, worker

worker.test.com

worker.test.com

fetching

origin.test.com

origin.test.com

is a "same zone subrequest"

Chaika•3/27/25, 2:10 PM

if you're doing that there's tons of special handling on it, like bypassing other workers, etc. --remote dev is going to come from an entirely different context
maybe it helps more to reframe it: The "context", in this context, is the zone/website the worker is running on, not per account or anything like that

ruanOP•3/27/25, 2:30 PM

i dont understand

Mia•3/27/25, 7:20 PM

is there an (allbeit hacky) alternative to aegis so i can change the egress IP of my cf workers?

Original message was deleted

Mia•3/27/25, 7:49 PM

ah pity

Mia•3/27/25, 7:50 PM

guessing the wrangler local dev server doesn't include that header then

Mia•3/27/25, 7:50 PM

cuz it does work in the wrangler dev server

Mia•3/27/25, 7:53 PM

where in the chain would it be yeeted? does discord itself run on cf infra?

Mia•3/27/25, 7:53 PM

(just curious not questioning)

MMia where in the chain would it be yeeted? does discord itself run on cf infra?

Isaac McFadyen•3/27/25, 7:53 PM

Yes it does.

Isaac McFadyen•3/27/25, 7:53 PM

Or well, it uses CF.

Isaac McFadyen•3/27/25, 7:54 PM

I believe it's a combination of GCP and CF, each for certain things.

Mia•3/27/25, 7:55 PM

has discord put out a statement as to why they block workers from their gateway api? or is it just the scarce (hard to find) issue comments ive found so far with "yea we block it for security reasons"

MMia has discord put out a statement as to why they block workers from their gateway ...

Isaac McFadyen•3/27/25, 7:56 PM

I don't believe there's been an official statement aside from those Issue comments. There have been many requests to remove the block (or make it more fine-grained) but they haven't been very receptive thus far.

Mia•3/27/25, 7:56 PM

ill see if someone replies to my necroposting on an old closed issue i guess

Mia•3/27/25, 7:58 PM

thanks for your replies isaac & leo :3

ruanOP•3/27/25, 8:14 PM

what happens if i run out of daily worker requests? (free plan)
it will block the request or just will forward the request to origin

Rruan what happens if i run out of daily worker requests? (free plan) it will block th...

Isaac McFadyen•3/27/25, 8:15 PM

Depends on the failure mode you have set. https://developers.cloudflare.com/workers/platform/limits/#daily-request

ruanOP•3/27/25, 8:47 PM

is it possible to see

console.log

console.log

msgs from worker code somewhere on the website?

Mia•3/27/25, 8:48 PM

https://developers.cloudflare.com/workers/runtime-apis/console/

Cloudflare Docs

Console · Cloudflare Workers docs

Supported methods of the console API in Cloudflare Workers

Mia•3/27/25, 8:49 PM

u can try

wrangler tail

wrangler tail

Rruan is it possible to see `console.log` msgs from worker code somewhere on the websi...

Mia•3/27/25, 8:58 PM

there is logs in the dashboard as well if you cant use wrangler cli

MMia there is logs in the dashboard as well if you cant use wrangler cli

ruanOP•3/27/25, 9:05 PM

im using the wrangler cli
was wondering about the dashboard

i can see the logs in the dashboard but not the console.log output, tail worker is paid, im still testing my application

ruanOP•3/28/25, 1:05 AM

theres no channel to talk about cloudflare tunnel?

Rruan theres no channel to talk about cloudflare tunnel?

Cyb3r-Jak3•3/28/25, 1:08 AM

I’d recommend #general-help

Rruan theres no channel to talk about cloudflare tunnel?

Isaac McFadyen•3/28/25, 2:31 AM

There is #cloudflare-one

ByteBeast•3/28/25, 8:44 AM

I just face one issue in my worker, when there is null value for any key in object and if i pass that object to any funciton or if I first stringify it and then parse it that key with null value got completely remove! why is that? it is not behaviour of JS, only in worker I face this issue!

piffie•3/28/25, 10:20 AM

https://developers.cloudflare.com/pages/how-to/use-direct-upload-with-continuous-integration/ still points to the depreciated github actions lib

Cloudflare Docs

Use Direct Upload with continuous integration · Cloudflare Pages docs

Cloudflare Pages supports directly uploading prebuilt assets, allowing you to use custom build steps for your applications and deploy to Pages with Wrangler. This guide will teach you how to deploy your application to Pages, using continuous integration.

ByteBeast•3/28/25, 11:48 AM

I am not able to use @google-cloud/speech package when i import it and just initialize class like below

import speech from '@google-cloud/speech'

  // Initialize Google Speech Client
  const client = new createClient.SpeechClient({
    credentials: {
      client_email: env.GOOGLE_CLIENT_EMAIL,
      private_key: env.GOOGLE_PRIVATE_KEY
    }
  });

import speech from '@google-cloud/speech'

  // Initialize Google Speech Client
  const client = new createClient.SpeechClient({
    credentials: {
      client_email: env.GOOGLE_CLIENT_EMAIL,
      private_key: env.GOOGLE_PRIVATE_KEY
    }
  });

Error

service core:user:voice-call-handler-dev: Uncaught TypeError: Cannot convert object to primitive value
    at null.<anonymous> (index.js:18912:101) in isEnabled
    at null.<anonymous> (index.js:18915:35) in refresh
    at null.<anonymous> (index.js:18956:13) in
  ../node_modules/.pnpm/google-logging-utils@0.0.2/node_modules/google-logging-utils/build/src/colours.js
    at null.<anonymous> (index.js:19:51) in require2
    at null.<anonymous> (index.js:19013:21) in
  ../node_modules/.pnpm/google-logging-utils@0.0.2/node_modules/google-logging-utils/build/src/logging-utils.js
    at null.<anonymous> (index.js:19:51) in require2
    at null.<anonymous> (index.js:19269:18) in
  ../node_modules/.pnpm/google-logging-utils@0.0.2/node_modules/google-logging-utils/build/src/index.js
    at null.<anonymous> (index.js:19:51) in __require2
    at null.<anonymous> (index.js:19318:18) in
  ../node_modules/.pnpm/gcp-metadata@6.1.1/node_modules/gcp-metadata/build/src/index.js

service core:user:voice-call-handler-dev: Uncaught TypeError: Cannot convert object to primitive value
    at null.<anonymous> (index.js:18912:101) in isEnabled
    at null.<anonymous> (index.js:18915:35) in refresh
    at null.<anonymous> (index.js:18956:13) in
  ../node_modules/.pnpm/google-logging-utils@0.0.2/node_modules/google-logging-utils/build/src/colours.js
    at null.<anonymous> (index.js:19:51) in require2
    at null.<anonymous> (index.js:19013:21) in
  ../node_modules/.pnpm/google-logging-utils@0.0.2/node_modules/google-logging-utils/build/src/logging-utils.js
    at null.<anonymous> (index.js:19:51) in require2
    at null.<anonymous> (index.js:19269:18) in
  ../node_modules/.pnpm/google-logging-utils@0.0.2/node_modules/google-logging-utils/build/src/index.js
    at null.<anonymous> (index.js:19:51) in __require2
    at null.<anonymous> (index.js:19318:18) in
  ../node_modules/.pnpm/gcp-metadata@6.1.1/node_modules/gcp-metadata/build/src/index.js

uomopensione•3/28/25, 1:39 PM

HI guys, sorry can anyone help me. I’m facing a critical issue with my Cloudflare Tunnel setup and need urgent assistance. Here’s the problem:

Error Details
SSL Certificate Mismatch:

When accessing my site, browsers throw:
"SSL Error: Certificate does not match the domain name. The certificate is issued for *.cfargotunnel.com, not [my site domain]."

Bad URL/404 Errors:

Without VPN: Requests return 400 Bad Request or 404 Not Found even though:

The tunnel is active and healthy (cloudflared tunnel list shows ACTIVE).

DNS records (CNAME for my domain → <TUNNEL_ID>.cfargotunnel.com) are correctly configured.

Works Only with VPN:

The site loads only when connected to a VPN. Disabling VPN immediately breaks access.

What I’ve Tried
Forced Certificate Renewal:

powershell
Copy
.\cloudflared.exe tunnel --force-renewal run
Tunnel Configuration:

yaml
Copy
ingress:

hostname: my domain
service: http://localhost:80
originRequest:
httpHostHeader: "my domain"
noTLSVerify: true
DNS Checks:

Verified dig returns the correct CNAME.

Tested with 1.1.1.1 DNS (no change).

Why does Cloudflare’s auto-generated certificate default to *.cfargotunnel.com instead of my custom domain?

Is this a DNS propagation issue, or are Cloudflare’s edge nodes failing to apply the correct certificate?

Why does a VPN bypass the problem? (Suggests ISP/geo-blocking, but the domain is not restricted.)

tumes•3/28/25, 6:08 PM

Relatively new to workers though also a relatively senior dev (rails). I have a couple questions that itch at the back of my mind and I just wanna make sure I'm understanding things right.

Static Assets can nominally support queue consumers but I'm a little unclear on what that implies, does it mean that the main worker can define a single push consumer? I'd assume that kind of has to be it, right, it doesn't seem possible to have multiple push consumers since the consume method doesn't declare anything about from which queue it consumes. It, like me on a good costco sample day, just consumes. Is the idea that, if you want to build a consolidated full stack app with multiple queues, you'd use this strategy for one consumer processing multiple queues?: https://developers.cloudflare.com/queues/reference/how-queues-works/#consumers
Conceptually, when using a framework with Static Assets, are SSR endpoints and SSR components de facto micro deployments of individual workers? I guess this is as much a question about how the adapters work. For example, if I have an Astro endpoint file that handlers multiple HTTP verbs, are those functionally translated into separate workers, or maybe more likely a single worker that happens to have Astro-specific syntax to handle the different request types? Is this analogous to how Pages Functions worked? How literal is this, like, were PFs ultimately run on individual isolates? My apologies if none of this makes sense, I'm asking out of curiosity from a sort of half formed shower thought involving leveraging the ephemeral nature of global scope in workers to emulate some architectural stuff that is laid out in the blog posts about how Waiting Room works.

Cloudflare Docs

How Queues Works · Cloudflare Queues docs

Cloudflare Queues is a flexible messaging queue that allows you to queue messages for asynchronous processing. Message queues are great at decoupling components of applications, like the checkout and order fulfillment services for an e-commerce site. Decoupled services are easier to reason about, deploy, and implement, allowing you to ship featu...

Ttumes Relatively new to workers though also a relatively senior dev (rails). I have a ...

Hard@Work•3/28/25, 6:16 PM

Frameworks bundle to a single output Worker. This is also the same for Pages, as all routes are bundled into a single output "Functions" bundle

HHard@Work Frameworks bundle to a single output Worker. This is also the same for Pages, as...

tumes•3/28/25, 6:28 PM

Awesome, good to know, thank you!

jsonperl•3/28/25, 6:42 PM

Is it true that the cache api may not store the content-length header if I'm caching a stream?

boghad2424•3/28/25, 6:52 PM

Hello everyone, I have what I think is a pretty basic question about workers and environment variables / secrets. I've had a couple instances where my runtime environment variables and secrets disappear in the dashboard and I have to re-add them. I'm adding my runtime environment variables (not secrets) to my wrangler.jsonc as vars and my assumption was that once I add my secrets in the dashboard they just stay there until I delete or rotate them. Is my understanding correct? Are there any configuration things that could be causing this behavior? I currently have my workers set to auto-build after a merge in my git branch (not deploying from IDE). Any info helps, thanks!

HHard@Work Frameworks bundle to a single output Worker. This is also the same for Pages, as...

tumes•3/28/25, 7:35 PM

Actually, I'm sorry, one follow up to cement my understanding, does this mean that framework-based static assets workers are also boiled down to one worker that is composed of all the static assets, the SSR calls, AND one conventional worker definition deployed as one bundle? I guess this is a roundabout way of asking how static asset routing works in that case since my vague mental model is that SSR elements in a framework are neither asset routes nor calls to the main worker definition. Like are those routes treated as, to coin a terrible confusing phrase, static dynamic assets?

Ttumes Actually, I'm sorry, one follow up to cement my understanding, does this mean th...

Isaac McFadyen•3/28/25, 7:38 PM

Static assets aren't included in the bundle. Basically:

Bundle: Functions (for Pages), or your Worker + any deps in the Worker + anything the Worker directly imports
Deploy alongside: everything else (images, audio, html, whatever that is not imported into your Worker)

Isaac McFadyen•3/28/25, 7:39 PM

The "deploy alongside" actually uses KV but it's all handled for your by the platform (either Pages or Workers Assets)

IIsaac McFadyen Static assets aren't included in the bundle. Basically: - Bundle: Functions (for...

tumes•3/28/25, 7:43 PM

I think I get it, and I apologize if this is annoyingly repatative, into which of those two buckets does an SSR endpoint fall? Or more practically: Is anything that's not a freely served asset counted/billed as a worker invocation?

Ttumes I think I get it, and I apologize if this is annoyingly repatative, into which o...

Isaac McFadyen•3/28/25, 7:45 PM

SSR would be part of the bundle and which is billed as a Worker request because the Worker is doing some work (to SSR) the files.

Isaac McFadyen•3/28/25, 7:45 PM

For example, if you rendered a page and served it with SSR, the request for that page would be billed, and then if the page was then sent to the browser and then an image on that page was loaded, that would be an asset request not a Worker request.

jsonperl•3/28/25, 10:13 PM

Anyone got any advice? I'm streaming audio data through since it's large and I KNOW the content-length, but I can't send a streaming response and set content-length headers. The header gets removed. Is there a way to get around that?

Jjsonperl Anyone got any advice? I'm streaming audio data through since it's _large_ and I...

Isaac McFadyen•3/28/25, 10:38 PM

The Cache API should be able to store streaming objects but there's a limit of 512MB for the Cache API which you may be running into?

Isaac McFadyen•3/28/25, 10:38 PM

How big are your objects?

dave•3/29/25, 1:03 AM

Can my Worker call a path served by a Snippet? Or is it like my Worker calling a Worker, where I need a binding?

小

小破•3/29/25, 8:41 AM

import speech from '@google-cloud/speech' // Initialize Google Speech Client const client = new createClient.SpeechClient({ credentials: { client_email: env.GOOGLE_CLIENT_EMAIL, private_key: env.GOOGLE_PRIVATE_KEY } });

service core:user:voice-call-handler-dev: Uncaught TypeError: Cannot convert object to primitive value at null.<anonymous> (index.js:18912:101) in isEnabled at null.<anonymous> (index.js:18915:35) in refresh at null.<anonymous> (index.js:18956:13) in ../node_modules/.pnpm/google-logging-utils@0.0.2/node_modules/google-logging-utils/build/src/colours.js at null.<anonymous> (index.js:19:51) in require2 at null.<anonymous> (index.js:19013:21) in ../node_modules/.pnpm/google-logging-utils@0.0.2/node_modules/google-logging-utils/build/src/logging-utils.js at null.<anonymous> (index.js:19:51) in require2 at null.<anonymous> (index.js:19269:18) in ../node_modules/.pnpm/google-logging-utils@0.0.2/node_modules/google-logging-utils/build/src/index.js at null.<anonymous> (index.js:19:51) in __require2 at null.<anonymous> (index.js:19318:18) in ../node_modules/.pnpm/gcp-metadata@6.1.1/node_modules/gcp-metadata/build/src/index.js

```js interface Env { MY_RATE_LIMITER: any; } export default { async fetch(req, env): Promi

Similar Threads

Similar Threads

Similar Threads