Cloudflare Developers•9mo ago

Well its more of env var behavior not secrets

Ccrossbeau Well its more of env var behavior not secrets

Rostislav•4/25/25, 2:28 PM

I know.. just like the wordplay

RRostislav I know.. just like the wordplay

crossbeauOP•4/25/25, 2:29 PM

Touche

Avi•4/25/25, 10:20 PM

is there any way to force a worker to run in a particular region?

Avi•4/25/25, 10:21 PM

or prevent a worker from running in a particular region?

AAvi or _prevent_ a worker from running in a particular region?

Hard@Work•4/25/25, 10:28 PM

https://developers.cloudflare.com/data-localization/regional-services/

Cloudflare Docs

Regional Services · Data Localization Suite docs

Regional Services gives you the ability to accommodate regional restrictions by choosing which subset of data centers decrypt and service HTTPS traffic.

Avi•4/25/25, 10:36 PM

thanks @Hard@Work - and do you know if there's a way to check (from within a DO) where it was spawned?

Avi•4/25/25, 10:37 PM

i assume req.cfreq.cf would indicate the location of the where the request came from, not where it was served from

seflanka•4/25/25, 10:37 PM

Is there any ETA on when Cloudflare SQL D1 clusters will be available in Brazil? When can we expect Cloudflare SQL D1 infrastructure to be available in Brazil?

AAvi thanks @Hard@Work - and do you know if there's a way to check (from within a DO...

Chaika•4/25/25, 10:42 PM

Fetch https://cloudflare.com/cdn-cgi/trace within DO and see the colo=colo= line for location

CChaika Fetch https://cloudflare.com/cdn-cgi/trace within DO and see the `colo=` line fo...

Avi•4/25/25, 10:44 PM

interesting- is there any documentation/commitment to support that? or is that just a clever trick?

Sseflanka Is there any ETA on when Cloudflare SQL D1 clusters will be available in Brazil?...

Chaika•4/25/25, 10:45 PM

Cloudflare doesn't really do ETAs, not until something is very close. D1 depends on Durable Objects being in the location. They talked about supporting South America and India supported by the end of 2025 but obviously that never happened, would assume it's still something they're working towards though

seflanka•4/25/25, 10:47 PM

tanks for the help

AAvi interesting- is there any documentation/commitment to support that? or is that ...

Chaika•4/25/25, 10:48 PM

I don't think it's documented anywhere but can't imagine they'd ever mess with it too much. Fundamentally you're fetching inside of the Durable Object, routing to another location wouldn't make sense. Afaik rn it's all handled on the same machine that the durable object is on. It's been a thing for years now
Fetching /cdn-cgi/trace and parsing it is something cloudflare itself does as well on some of their pages/utilities.

AAvi thanks @Hard@Work - and do you know if there's a way to check (from within a DO...

Hard@Work•4/25/25, 10:53 PM

Here's a one-liner:

((await (await fetch("https://www.cloudflare.com/cdn-cgi/trace")).text()).match(/^colo=(.+)/m) as string[])[1]

((await (await fetch("https://www.cloudflare.com/cdn-cgi/trace")).text()).match(/^colo=(.+)/m) as string[])[1]

HHard@Work Here's a one-liner: ```ts ((await (await fetch("https://www.cloudflare.com/cdn-c...

Avi•4/25/25, 11:01 PM

heh, thanks. actually the

loc

loc

seems quite useful too

Avi•4/25/25, 11:01 PM

i'm gonna throw all that into sentry tags and see how those values compare to req.cf.locationreq.cf.location

AAvi i'm gonna throw all that into sentry tags and see how those values compare to `r...

Hard@Work•4/25/25, 11:05 PM

The req.cfreq.cf value is set in the first Worker in the chain. It isn't modified if you pass the request on to another Worker(via Service Bindings) or a Durable Object

HHard@Work The `req.cf` value is set in the first Worker in the chain. It isn't modified if...

Avi•4/25/25, 11:16 PM

in other words, it woul dindicate the location the request came from, not necessraily the location the DO was served from, right?

AAvi in other words, it woul dindicate the location the request came from, not necess...

Hard@Work•4/25/25, 11:17 PM

Yep(and note too that the location is derived from the IP of the incoming request, which may not necessarily be accurate)

Avi•4/25/25, 11:47 PM

strange, even though cdn-cgi/tracecdn-cgi/trace shows my colo is FRAFRA (France), OpenAI is still rejecting my requests when I connect via a VPN to Hong Kong

Avi•4/25/25, 11:47 PM

its like somehow it... knows

Avi•4/25/25, 11:47 PM

yet the DO is apparently definitely running in a supported region (France is supported, HK is not)

Avi•4/25/25, 11:47 PM

i just can't figure out how this is possible

AAvi strange, even though `cdn-cgi/trace` shows my colo is `FRA` (France), OpenAI is ...

Hard@Work•4/25/25, 11:51 PM

FRAFRA is Frankfurt in Germany. But also, iirc, requests from Workers still pass along a connecting IP header, and I'm wondering if that also happens for the DO

Avi•4/25/25, 11:51 PM

ahhh

Avi•4/25/25, 11:51 PM

iiinteresting

Avi•4/25/25, 11:52 PM

@Hard@Work like, all outgoing

fetch

fetch

requests from a DO might include, without my explicit configuration, a header indicating the IP the incoming request originated from?

AAvi @Hard@Work like, all outgoing `fetch` requests from a DO might include, without...

Hard@Work•4/25/25, 11:53 PM

That's what I'm guessing might be happening

Hard@Work•4/25/25, 11:53 PM

Also might be some other kind of detection system, idk

Chaika•4/25/25, 11:55 PM

Looks like openai does use cf for their API as well

HHard@Work That's what I'm guessing *might* be happening

Avi•4/25/25, 11:58 PM

i just set up a server that will print all headers of incoming requests and im gonna test this

Avi•4/26/25, 12:06 AM

aha!

Avi•4/26/25, 12:06 AM

  'cf-ipcountry': 'HK',

  'cf-ipcountry': 'HK',

NNico With email workers, is it possible to do gmail style plus addressing? That is, o...

Nico•4/26/25, 1:11 AM

Just wondering about this still - With email workers, is it possible to do gmail style plus addressing? That is, once I bind my worker to an email "route", can I use the example@mydomain.com and example+foo@mydomain.com to send email to that worker?

NNico Just wondering about this still - With email workers, is it possible to do gmail...

Hello, I’m Allie!•4/26/25, 4:36 AM

https://developers.cloudflare.com/email-routing/postmaster/

Cloudflare Docs

Postmaster · Cloudflare Email Routing docs

Reference page with postmaster information for professionals, as well as a known limitations section.

Hello, I’m Allie!•4/26/25, 4:36 AM

Sorry wrong link

Hello, I’m Allie!•4/26/25, 4:36 AM

https://developers.cloudflare.com/email-routing/postmaster/#signs-such--and--are-treated-as-normal-characters-for-custom-addresses

Cloudflare Docs

Postmaster · Cloudflare Email Routing docs

Reference page with postmaster information for professionals, as well as a known limitations section.

Hello, I’m Allie!•4/26/25, 4:36 AM

Here we go

Nico•4/26/25, 4:42 AM

Thanks!

LordSilver•4/26/25, 7:04 AM

Is it possible to control the Playwright instance of Browser Rendering API using prompts through the playwright-mcp server?

LordSilver•4/26/25, 7:04 AM

I would like inside a worker to write a few promtps "navigate to this site, click this, extract this info".

Elia•4/26/25, 1:11 PM

Hey guys, https://phantom.com (the crypto wallet) keeps sending phishing reports through various entities to my side-project hosted on https://phantom.ac (solely because the domain names match)

Here's a sample of what I have to deal with on a regular basis, where my DNS provider namecheap got a report due to some reporting a Nextcloud instance's login page as "phishing".

Issue is that due to these countless reports, CF now labels my pages deployment as "likely phishing" due to reports like these.

Elia•4/26/25, 1:11 PM

Any thing else I can do other than respond to CF Trust and Safety? People are paying for these tools and can't access them right now

James•4/26/25, 1:49 PM

Sadly all you can do is work with Trust and Safety, sorry

RRicky U Can someone help me about how to get Secrets Store working locally? https://disc...

fforres•4/26/25, 4:13 PM

+1 to this thread. I was checking that now. I imagine as a security measure you cannot access remotely created secrets on local. (makes sense)

If you work on your .dev.vars is great, but running a team, one of the benefits is centralized secret access for some variables.

Share some remote service tokens, or that same service address for example.
...but your local DB address/password is your own setup

Would love for some examples on a development flow that leverages local (.dev.vars) + secret store

fforres•4/26/25, 4:14 PM

We had a 1password CLI integration to load vars and dumping them in .dev.vars... but it's an overkill IMO

specially if we could do secrets storesecrets store

Silvan•4/27/25, 3:05 PM

im currently running like 1 vite and 5 workers in a monorepo using turbo. i was wondering if i should instead use wrangler dev -c and run it all in 1 process. i have a feeling this will be the recommended way going forward :thinkies:

any opinions on that?

Bonadio•4/27/25, 8:08 PM

I created a simple template using TanStack Start with Cloudflare Workers, Drizzle, and D1 for anyone that want to try TanStack Start framework on CloudFlare Workers, works very well. Seems a good option for a NextJS alternative. I worked with Remix and TanStack Start seems an evolution.
https://github.com/bonadio/tanstack-start-cloudflare-workers

GitHub

GitHub - bonadio/tanstack-start-cloudflare-workers

Contribute to bonadio/tanstack-start-cloudflare-workers development by creating an account on GitHub.

Well its more of env var behavior not secrets

Similar Threads

Similar Threads

Similar Threads