Cloudflare Developers•8mo ago

oh so you've just got a lucky account?...

Mmax oh so you've just got a lucky account?...

Rui Figueira•5/25/25, 8:03 PM

so it seems

bun•5/26/25, 10:25 AM

wth is going on?! why does deploying a static website need a worker now ?

bun•5/26/25, 12:21 PM

export default {
  fetch: async (
    request: Request,
    env: { JWT_SECRET: string }
  ): Promise<Response> => {
    const token = request.headers.get("authorization");

    if (!token) {
      return new Response("unauthorized", { status: 401 });
    }

    try {
      await validateJWT(token, env.JWT_SECRET);

      return new Response(null, {
        status: 404 // meant as success for cloudflare to serve assets
      });
    } catch {
      return new Response("forbidden", { status: 403 });
    }
  }
};

export default {
  fetch: async (
    request: Request,
    env: { JWT_SECRET: string }
  ): Promise<Response> => {
    const token = request.headers.get("authorization");

    if (!token) {
      return new Response("unauthorized", { status: 401 });
    }

    try {
      await validateJWT(token, env.JWT_SECRET);

      return new Response(null, {
        status: 404 // meant as success for cloudflare to serve assets
      });
    } catch {
      return new Response("forbidden", { status: 403 });
    }
  }
};

bun•5/26/25, 12:21 PM

any idea why does the following code not work :/ ?

bun•5/26/25, 12:22 PM

like for some reason the page loads fine, when it shouldn't without a valid token, but in debugger, the requests come as 401, meaning the validation only works inside the debugger?

Bbun any idea why does the following code not work :/ ?

Chaika•5/26/25, 12:40 PM

Two problems

By default, Your worker/user code isn't going to be called if the path exactly matches an asset, you'd have to add

run_worker_first = true

run_worker_first = true

to your config
https://developers.cloudflare.com/workers/static-assets/#routing-behavior

You'd have to configure your assets configuration to have a binding (like

ASSETS

ASSETS

) and then call through to it:

return env.ASSETS.fetch(request);

return env.ASSETS.fetch(request);

bun•5/26/25, 12:41 PM

Thank you, works perfectly

Isaac McFadyen•5/26/25, 1:06 PM

Note that if you run_worker_first then you will always be billed for asset requests (i.e. no free serving of assets like Pages)

IIsaac McFadyen Note that if you run_worker_first then you will always be billed for asset reque...

bun•5/26/25, 1:43 PM

do u think there's a way to serve assets while at the same time validate jwt header?

bun•5/26/25, 1:43 PM

without being on enterprise tier

Bbun do u think there's a way to serve assets while at the same time validate jwt hea...

Isaac McFadyen•5/26/25, 1:44 PM

Your method will work but you would be billed. You could use Snippets if you're on a non-Free plan.

dave•5/26/25, 1:52 PM

Was there a recent update on mTLS working for Worker-to-Worker? I thought there was a blog post or something about it.. but can't find anything now.

Bbun do u think there's a way to serve assets while at the same time validate jwt hea...

dave•5/26/25, 1:57 PM

If you want to avoid Workers and Snippets, you can use a HMAC (symmetric algorithm only).

https://developers.cloudflare.com/ruleset-engine/rules-language/functions/#hmac-validation

Personally I prefer Snippets a lot more, since you can use ES256 (ECDSA with the P256 curve + SHA256). Using an asymmetric algorithm is so much nicer, since you don't have to worry about the validator ever needing to know what the secret was.

Ddave If you want to avoid Workers and Snippets, you can use a HMAC (symmetric algorit...

Chaika•5/26/25, 2:02 PM

You'd then need Pro for HMAC, which has Snippets anyway lol

CChaika You'd then need Pro for HMAC, which has Snippets anyway lol

dave•5/26/25, 2:13 PM

ya, but in some cases one might be better than the other. IIRC the WAF doesn't run when you do requests from your own Workers in the same zone, right?

Ddave ya, but in some cases one might be better than the other. IIRC the WAF doesn't r...

Chaika•5/26/25, 2:14 PM

That's confused me before, I think you're right

There is now a compat flag which I believe should get around that:
https://developers.cloudflare.com/workers/configuration/compatibility-flags/#global-fetch-strictly-public
If you were running an untrusted worker

Cloudflare Docs

Compatibility flags

Opt into a specific features of the Workers runtime for your Workers project.

CChaika That's confused me before, I think you're right There is now a compat flag whic...

dave•5/26/25, 3:12 PM

woah, that's really cool! I wish there was a way to do that per request

dave•5/26/25, 3:27 PM

I guess I could do a service binding to a Worker (with global_fetch_strictly_public enabled) that exposes a fetch?

VinnieDePikvis•5/26/25, 3:30 PM

Hey, I was planning on using cloudflare pages to host client websites and provide domain registration what are the limits to it and the pricing for everything

Chaika•5/26/25, 3:32 PM

https://pages.cloudflare.com/#pricing
https://developers.cloudflare.com/pages/platform/limits/
Domain Registration depends on the domain and extension, can see in dashboard by searching to register a domain

Cloudflare Docs

Limits

Below are limits observed by the Cloudflare Free plan. For more details on removing these limits, refer to the Cloudflare plans page.

Cloudflare Pages

Build your next application with Cloudflare Pages

CChaika That's confused me before, I think you're right There is now a compat flag whic...

dave•5/26/25, 3:34 PM

oh sweet, this makes caching in my Workers that are triggered by Cron Workers!

CChaika https://pages.cloudflare.com/#pricing https://developers.cloudflare.com/pages/pl...

VinnieDePikvis•5/26/25, 3:41 PM

so its $200 a month to have 20 concurrent builds, can this be increased if asked later

VVinnieDePikvis so its $200 a month to have 20 concurrent builds, can this be increased if asked...

Chaika•5/26/25, 3:42 PM

If you go up to Enterprise I'm sure it could, without Enterprise there's the limit form on https://developers.cloudflare.com/pages/platform/limits/, not sure if they would or not

Chaika•5/26/25, 3:43 PM

worth noting concurrent builds is just if you're using Cloudflare's built in builders and such. If you're using drag and drop/direct upload/uploading the files via the API, both the concurrent build limit and the builds per month limit do not apply

CChaika worth noting concurrent builds is just if you're using Cloudflare's built in bui...

VinnieDePikvis•5/26/25, 4:18 PM

so my current situation is that I need to host my NextJS sites, so are you saying that if I build them using cloudflare-on-next npm package and just make cloudflare host those its free?

VVinnieDePikvis so my current situation is that I need to host my NextJS sites, so are you sayin...

Chaika•5/26/25, 4:22 PM

If you build them locally and upload the files you can avoid the build limits and such
Worth noting next-on-pages for example uses Functions to handle all the routing, and you'd be either limited by the Functions free tier or have to pay as part of Workers Paid
Only truly static sites/assets are free and unlimited requests

CChaika If you build them locally and upload the files you can avoid the build limits an...

VinnieDePikvis•5/26/25, 4:24 PM

hmm, well I can't make them static but thanks, 'ppreciate it

CChaika That's confused me before, I think you're right There is now a compat flag whic...

dave•5/26/25, 4:28 PM

What is the downside of using this flag? It seems like it should be a default, what would it break…?

Ddave What is the downside of using this flag? It seems like it should be a default, w...

Chaika•5/26/25, 4:29 PM

It would break every worker on a route fetching through to the origin

Chaika•5/26/25, 4:30 PM

or any worker depending on it not being challenged/blocked. I have an Astro SSR site which fetches the API on the same zone, wouldn't want it being challenged or blocked in anyway

CChaika It would break every worker on a route fetching through to the origin

dave•5/26/25, 4:30 PM

ahhh, I think I have almost zero Workers do that do that pattern.

Chaika•5/26/25, 4:31 PM

yea I think it's kind of rarer these days, was like the #1 use case when Workers first launched though, and still a good example/use

CChaika It would break every worker on a route fetching through to the origin

dave•5/26/25, 4:40 PM

How does the flag interact with service bindings?

Ddave How does the flag interact with service bindings?

Chaika•5/26/25, 4:42 PM

in what way? I would assume this changes nothing with calling/fetching them since that's all seperate and magical, I haven't tested though

CChaika in what way? I would assume this changes nothing with calling/fetching them sinc...

dave•5/26/25, 4:43 PM

like if it would change any behaviour at all.

I think you're right that it's all seperate and doesn't impact, but yeah I don't know 100%.

dave•5/26/25, 10:56 PM

How is it possible that I exceeded the CPU time with only 11ms?

Walshy•5/26/25, 11:13 PM

Cron triggers have a wall time limit, you exceeded that

Walshy•5/26/25, 11:13 PM

(The reporting for that isn't great I know - sorry for that)

Walshy•5/26/25, 11:15 PM

https://developers.cloudflare.com/workers/platform/limits/#worker-limits

WWalshy (The reporting for that isn't great I know - sorry for that)

dave•5/26/25, 11:19 PM

ah yeah it's just the reporting that's the issue

Trojan•5/27/25, 12:48 PM

Is it beneficial to ping workers at the beginning of a request to “pre-warm” them if you know you’ll make requests to them?

WWalshy Cron triggers have a wall time limit, you exceeded that

dave•5/27/25, 1:21 PM

Why do normal Workers have no limit, but Cron Workers do? Feels backwards.

Walshy•5/27/25, 1:22 PM

well, cron triggers are a bit different than normal invocations. don't really want to run a worker every minute and let it run for 6 hours

TTrojan Is it beneficial to ping workers at the beginning of a request to “pre-warm” the...

dave•5/27/25, 1:22 PM

Workers are so fast that I don’t really see a need to do that. The max startup time is 400ms, so I think you’d always be looking at <1 second at worst for a cold start.

WWalshy well, cron triggers are a bit different than normal invocations. don't really wa...

dave•5/27/25, 1:22 PM

That’s exactly what I want though.

Walshy•5/27/25, 1:22 PM

also we already pre-warm https://blog.cloudflare.com/eliminating-cold-starts-with-cloudflare-workers/

Ddave That’s exactly what I want though. 😅

Walshy•5/27/25, 1:23 PM

haha, then your best bet is DO Alarms

WWalshy also we already pre-warm <https://blog.cloudflare.com/eliminating-cold-starts-wi...

dave•5/27/25, 1:24 PM

For now, this is only available for Workers that are deployed to a “root” hostname like “example.com” and not specific paths like “example.com/path/to/something.” We plan to introduce more optimizations in the future that can preload specific paths.

Is this still the case, or did that optimization land for custom routes (i.e. non-custom domain routes)?

WWalshy haha, then your best bet is DO Alarms

dave•5/27/25, 1:25 PM

A Worker can have up to three Cron Triggers configured at once

https://developers.cloudflare.com/durable-objects/api/alarms/#background

I’m like 75% sure this is wrong, since I use waaaaay more than three Cron schedules in many of my Workers.

Cloudflare Docs

Alarms

Durable Objects alarms allow you to schedule the Durable Object to be woken up at a time in the future. When the alarm's scheduled time comes, the alarm() handler method will be called. Alarms are modified using the Storage API, and alarm operations follow the same rules as other storage operations.

Ddave > For now, this is only available for Workers that are deployed to a “root” host...

Walshy•5/27/25, 1:28 PM

still root, it's hard to figure out the right path early

oh so you've just got a lucky account?...

Similar Threads

Similar Threads

Similar Threads