Hi there - I'm looking for a good solution to run some code on behalf of my customers, in such a way

Hi there - I'm looking for a good solution to run some code on behalf of my customers, in such a way that I cannot access their secrets. I actually control all the code, although in the future having client uploaded code might be helpful.

The big issue is I don't want to be able to access their secrets, and ideally I wouldn't be able to arbitrarily update the code which could then let me exfiltrate the secrets. Obviously I'll still want to be able to update the worker code, or deploy a new worker and re-bind the secret, but only with the customer's approval.

Seems like workers for platforms is fairly close to being able to do what I want, but not quite there.

Any ideas on how I can accomplish this?

Ttheo Hi there - I'm looking for a good solution to run some code on behalf of my cust...

Hard@Work•8/19/25, 7:26 PM

Would it work if the account it was deployed to was owned by the Customer?

Hard@Work•8/19/25, 7:27 PM

That's the only thing I can think of. WfP could be an option, but there is no way to lock deploys to be "at your customer's" approval, at least not baked in in a way that you wouldn't be able to change it yourself

HHard@Work Would it work if the account it was deployed to was owned by the Customer?

theoOP•8/19/25, 8:32 PM

Ideally not. Not all our customers will be necessarily be running on cloudflare, and that would add quite a bit of friction to getting things started.

theoOP•8/19/25, 8:34 PM

In the past I had posted an idea about a concept of something like a self-managed worker. Where there is some code running within the worker which returns a token, required to update that worker code. So basically you could implement whatever logic you need (some kind of auth, proof of ownership / etc) that gates the update.

We'd still have our users take some manual action to opt into the latest version of our software, which would be available for them to audit and review.

Ttheo In the past I had posted an idea about a concept of something like a self-manage...

Hard@Work•8/19/25, 8:46 PM

I'm not sure I follow your idea there?

You can set it up so that deployments only happen once your system has registered user consent, but there is no way to lock it on the Cloudflare side to prevent you from deploying anyway(at least, not that I'm aware of)

theoOP•8/19/25, 8:50 PM

Yeah it would have to be something new on the cloudflare side. A way of saying - this worker opts into self-managed updates.
Then CF would have to lock redeploying new code to that worker without some condition being met, likely passing in some kind of token that I as the platform operator dont have access to, but that my users do.

theoOP•8/19/25, 8:52 PM

If a secret is bound to that worker on creation and never recorded, then you'd have the ability to isolate access from the platform.

LrGian•9/2/25, 3:20 PM

Hello, has anyone in their development process, in their local environment, used a single local d1 for several workers since each worker within .wrangler creates its own d1

rohanbojja•9/2/25, 3:36 PM

Hello, what’s the recommended way to deploy a worker to a dispatch namespace? I noticed the REST endpoint allows uploading scripts, but our use case involves deploying full-stack apps (React + Vite + Hono). Currently, we use Wrangler in our pipeline, would it be possible to achieve the same via the API?

Walshy•9/2/25, 3:41 PM

Yep, you can just do what Wrangler does. The API is the same between Workers & Workers for Platforms, no limitations on what you can upload

You can also use wrangler by specifying

--dispatch-namespace

--dispatch-namespace

wrangler deploy

wrangler deploy

Walshy•9/2/25, 3:42 PM

Without Wrangler, you'd want to likely bundle the server side and upload that. For Assets, upload those with the upload API (https://developers.cloudflare.com/workers/static-assets/direct-upload/)

Tamada•9/8/25, 6:27 AM

Hello, is there someone who can help me in a workers that is using Workers for platform? when I started the worker, the message below is showing? please note that app-sandbox-proxy is also running locally.

wrangler 4.20.5
node: v20.19.1

env.DISPATCH_NAMESPACE          Dispatch Namespace      not supported
  app-sandbox-namespace (outbound -> app-sandbox-proxy)

env.DISPATCH_NAMESPACE          Dispatch Namespace      not supported
  app-sandbox-namespace (outbound -> app-sandbox-proxy)

liusha.bnb•9/12/25, 6:31 AM

@Walshy | DevPlat EE hi bro, i'm building a product based on worker for platform, i uploaded several project's static assets as user worker, my question is does these static assets requests counted into billing or not, because i can see dispatch worker logs these static assets requests

Leo•9/12/25, 11:47 AM

There are high packet losses and ping issues on the Germany Telekom line. Is there a solution to this problem?

Lliusha.bnb @Walshy | DevPlat EE hi bro, i'm building a product based on worker for platform...

Isaac McFadyen•9/12/25, 2:56 PM

?pings

SuperHelpflare•9/12/25, 2:56 PM

Please do not ping community members for non-moderation reasons. Doing so will not solve your issue faster and will make people less likely to want to help you.

Leo•9/12/25, 6:46 PM

The domains of Cloudflare Workers are now experiencing packet loss by most ISPs.

LLeo The domains of Cloudflare Workers are now experiencing packet loss by most ISPs.

Peps•9/12/25, 6:55 PM

which ISPs and against which domain?

Leo•9/12/25, 6:56 PM

https://bazid1.phy6.workers.dev/

Peps•9/12/25, 6:56 PM

If it's just/mainly Telekom, then that's an issue on their side, as they refuse to peer with Cloudflare, causing traffic to get rerouted signifcantly

Leo•9/12/25, 6:56 PM

https://ipinfo.io/AS3320

AS3320 Deutsche Telekom AG details - IPinfo.io

AS3320 autonomous system information: WHOIS details, hosted domains, peers, upstreams, downstreams, and more

Peps•9/12/25, 6:57 PM

long time issues specifically with Telekom, see https://www.google.com/search?q=cloudflare+telekom

www.google.com

🔎 cloudflare telekom - Google Search

Leo•9/12/25, 6:58 PM

Isn't there a solution for this? It seems there’s no problem on Pages.dev, but there is an issue on Workers.dev

LLeo Isn't there a solution for this? It seems there’s no problem on Pages.dev, but t...

Chaika•9/12/25, 7:00 PM

Pages.dev gets enterprise-like inbound routing where workers.dev gets free plan like inbound routing. Upgrading the plan improves routing where it's expensive to Cloudflare/capacity/etc

CChaika Pages.dev gets enterprise-like inbound routing where workers.dev gets free plan ...

Leo•9/12/25, 7:01 PM

Guess it’s time to dump my Cloudflare stock

Leo•9/12/25, 7:05 PM

Do you have any suggestions for me? Maybe another provider or a different approach? Actually, I was using it as a reverse proxy for my code. Since domains keep getting blocked in my country for political reasons, I used to simply change the domain name on Workers and get a fresh one each time — it worked really well. That way I never had to buy a domain. But now I ran into issues on the Germany side. It used to be a low-cost and elegant solution.

Peps•9/12/25, 7:06 PM

There are no big providers that specialise in circumventing government blocks, and even if there were, this is not the channel or Discord to discuss that.

PPeps There are no big providers that specialise in circumventing government blocks, a...

Leo•9/12/25, 7:20 PM

You sound like a pro, so I guess I’d better listen before I get myself in trouble.

Leo•9/13/25, 4:54 PM

I hope the Cloudflare HTTP/3 (QUIC) packet issue gets fixed. Everything will work fine on Deutsche Telekom then. Right now, it looks like there is an SSL issue according to the status page.

LLeo I hope the Cloudflare HTTP/3 (QUIC) packet issue gets fixed. Everything will wor...

Isaac McFadyen•9/13/25, 5:01 PM

That is unrelated to any issues with Deutsche Telekom, that's about the SSL for Saas Cloudflare API.

IIsaac McFadyen That is unrelated to any issues with Deutsche Telekom, that's about the SSL for ...

Leo•9/13/25, 5:03 PM

No bro, I’m talking about something else.

LLeo No bro, I’m talking about something else.

Isaac McFadyen•9/13/25, 5:05 PM

I know but you said:

Right now, it looks like there is an SSL issue according to the status page.

That is unrelated to either QUIC or Deutsche Telekom.

orangesbracelet•9/15/25, 12:36 PM

hi folks, I had cronjob which takes more than 15 minutes so I refactored to workflow as there is no duration limit for steps. I was triggering workflow creation inside cronjob. But then I stuck at "too many subrequests". I send about 3k request to an api. In this case what should I do, did you have any problem like this ?

adeola13.•9/19/25, 5:39 PM

hello if I use workers for platforms, and lets say want to give each of my saas customers their own queue, will the 10K queue limit still apply?

antim8•9/23/25, 8:30 AM

Hi, I’m trying to set up a single Worker that handles requests for *.customer.mydomain.com.

Each customer points their domain to [customerId].customer.mydomain.com via CNAME and CF for SaaS.

My Worker should pick up all requests under that wildcard and route accordingly.

What is the proper / intended way to solve this with Workers + CF for SaaS?

LLeo Do you have any suggestions for me? Maybe another provider or a different approa...

TuChutya•9/25/25, 2:15 PM

Reverse proxy..interesting..if you have time xan yoyu just help me or explain me pelase...

LordSilver•9/26/25, 10:35 AM

I wanted to test Aegis.

darkpool•9/29/25, 8:53 PM

Are worker loaders meant to replace the WFP model? Im still playing around with it but assuming pricing isn't 100x higher than WFP it seems way more efficient to just keep user-generated code in d1 or something and dynamically execute, then throw away. Pretty much my dream come true EDIT: nvm, answerd here: Facets

IIsaac McFadyen Yes, maximum 1000 per docs here: https://developers.cloudflare.com/kv/platform/l...

TurboJack•9/29/25, 11:16 PM

Is it possible to increase this limit?
It is not clear which limits can be increased.

TTurboJack Is it possible to increase this limit? It is not clear which limits can be incre...

Hard@Work•9/29/25, 11:21 PM

To request an adjustment to a limit, complete the Limit Increase Request Form . If the limit can be increased, Cloudflare will contact you with next steps.

HHard@Work > To request an adjustment to a limit, complete the [Limit Increase Request Form...

TurboJack•9/29/25, 11:32 PM

Is it possible to get a general answer? I don't need this to be increased for now, but I need to know which primitives I can provide to my users.

TTurboJack Is it possible to get a general answer? I don't need this to be increased for no...

Hard@Work•9/29/25, 11:37 PM

Checking

BigFungus•9/30/25, 8:35 AM

We are wondering if the new rate limit API applies to WFP; can we apply this to a dispatch and/or namespaced workers? This is not mentioned in the docs https://developers.cloudflare.com/workers/runtime-apis/bindings/rate-limit/

Cloudflare Docs

Rate Limiting

Define rate limits and interact with them directly from your Cloudflare Worker

Vlad Lykhonis•9/30/25, 2:47 PM

Is there some realiable way to check if worker is avilable to be retrieved via stub and invoked? Seems like if I to deploy new worker (upload), and right away call dispatcher get on it to invoke it (fetch), I get gateway timeout. But if i wait few seconds before invoking fetch, it seems to work more reliably.

HHard@Work Checking

TurboJack•10/2/25, 8:19 PM

@Hard@Work | R2 any updates?

Vlad Lykhonis•10/3/25, 11:00 AM

On this page: https://developers.cloudflare.com/cloudflare-for-platforms/workers-for-platforms/platform/limits/ vs this page https://developers.cloudflare.com/durable-objects/platform/limits/

Does it mean if I deploy a Durable Object inside my Workers for Platforms, limit of 500 maximum durable object classes is not applied?

In other words, I can deploy unlimited number of Workers (for platforms) with DO class/namespace per worker. (unlimitted DOs)

piemaking•10/3/25, 6:42 PM

When are we getting workflows?

Prydar•10/4/25, 12:24 AM

I’d like workflows too!

Jaja•10/8/25, 6:22 AM

Hey everyone,

TLDR: How do I gracefully handle updating user workers in my dispatch namespace once they are already in production?
Note: I control the user worker code so every user worker will be THE SAME app just connected to different bindings instances

I am building a healthcare clinic management software and want to achieve the following architecture:

control plane worker where a user signs up their company
this kicks off a Workflow which provisions a tenant worker for that specific company alongside their own D1 database and R2 storage
the tenant is available via the subdomain pattern eg company1.example.com
the tenant worker handles its own authentication etc

I now have the subdomain based dynamic dispatch pattern working with a tenant worker that I have manually deployed

I have also successfully provisioned a tenant worker with its own D1 and R2 bindings via the Workers for Platforms Script Upload API

My question is if I make changes to the tenant app code and want to redeploy so that existing tenants will have the updated version of my application, how would I handle this in the cleanest way?

My solution I have thought of would be to store all the tenant names in a KV or D1 register and then in CI/CD I would loop through them and redeploy using wrangler

Is this the best option here or is there a more blessed path for this?

Thanks!

Hi there - I'm looking for a good solution to run some code on behalf of my customers, in such a way

Similar Threads

Similar Threads

Similar Threads