167 Matching Annotations
  1. Oct 2023
    1. While the interface among services is HTTP, the networking is not. In fact, there is no networking! Unlike the typical “microservice architecture,” where services communicate over a network and can suffer from latency or interruption, service bindings are a zero-cost abstraction. When you deploy a service, we build a dependency graph of its service bindings, then package all of those services into a single deployment. When one service invokes another, there is no network delay; the request is executed immediately.This zero-cost model enables teams to share and reuse code within their organizations, without sacrificing latency or performance.
  2. Sep 2023
  3. Aug 2023
    1. ```toml type = "webpack" webpack_config = "webpack.config.js"

      these will be used in production

      vars = { WORKER_ENV = "production", SENTRY_ENABLED = true }


      these will be used only when --env=local

      vars = { WORKER_ENV = "local", SENTRY_ENABLED = false } ```

      wrangler dev --env=local

    1. ```js // Auth Worker

      export default { async fetch(request, env) { // Read x-custom-token header and make sure it matches SECRET_TOKEN if (request.headers.get('x-custom-token') === env.SECRET_TOKEN) { return new Response('Request allowed', { status: 200 }); } else { return new Response('x-custom-token does not match, request not allowed', { status: 403 }); } }, }; ```

      ```js // Gateway Worker

      export default { async fetch(request, env) { // Fetch AUTH service and pass request const authResponse = await env.auth.fetch(request.clone());

      // Return response from the AUTH service if the response status is not 200
      // It would return 403 'x-custom-token does not match, request not allowed' response in such case
      if (authResponse.status !== 200) {
        return authResponse;
      // Request allowed
      // You can write application logic here
      // In this case we delegate the logic to an `application` Worker
      return await env.application.fetch(request)

      }, }; ```

  4. Jul 2023
    1. The Hibernation API allows a Durable Object that is not currently running an event handler, such as handling a WebSocket message, HTTP request, or alarm, to be removed from memory while keeping its WebSockets connected (“hibernation”).
  5. Jun 2023
    1. Where such denial-of-service conditions occur, Cloudflare provides a bizarre “one more step” page inviting the visitor to complete a reCAPTCHA to access the site. Cloudflare claims that this is based on IP reputation, which constitutes a fallacious equivocation of IPs and users which has been found to be highly detrimental to Tor users in terms of the browseability of the web.

      This is a good critique of Cloudflare CAPTCHAs. They are especially annoying when using a VPN (I use Mullvad) or unusual browser configurations. I wrote about how the Wayback Machine provides a good end-around the CAPTCHA deluge for pages which have been captured.


  6. May 2023
    1. Hey! Thanks for raising this. As pointed out earlier in the thread, the workerd npm distribution is currently incompatible with Debian 11 "Bullseye", so won't work with any distro based off that (e.g. Ubuntu 20.04). Debian 12 "Bookworm" based distros (e.g. Ubuntu 22.04) should work, provided you apt install libc++1. We're working on getting a statically linked version of workerd published that should work on older Linux versions. No timeline on when this will be available though.
    1. Figured it out. Cache-Control header is required.

      js const headers = { 'Cache-Control': 'public, max-age=604800' }; const request = new Request('https://foobar.com/') const cacheResponse = new Response('bar',{ headers }) const cache = caches.default await cache.put(request, cacheResponse) const response = await cache.match(request);

    1. 🥳

      ```js import { connect } from 'cloudflare:sockets';

      export default { async fetch(req: Request) { const gopherAddr = "gopher.floodgap.com:70"; const url = new URL(req.url);

      try {
        const socket = connect(gopherAddr);
        const writer = socket.writable.getWriter()
        const encoder = new TextEncoder();
        const encoded = encoder.encode(url.pathname + "\r\n");
        await writer.write(encoded);
        return new Response(socket.readable, { headers: { "Content-Type": "text/plain" } });
      } catch (error) {
        return new Response("Socket connection failed: " + error, { status: 500 });

      } }; ts connect(address: SocketAddress | string, options?: SocketOptions): Socket

      declare interface Socket { get readable(): ReadableStream; get writable(): WritableStream; get closed(): Promise<void>; close(): Promise<void>; startTls(): Socket; }

      declare interface SocketOptions { secureTransport?: string; allowHalfOpen: boolean; }

      declare interface SocketAddress { hostname: string; port: number; } ```

  7. Apr 2023
  8. Mar 2023
    1. <table><tbody><tr><th colspan="4" rowspan="1">Status</th><th colspan="4" rowspan="1">Description</th></tr><tr><td colspan="5" rowspan="1">HIT</td><td colspan="5" rowspan="1">The resource was found in Cloudflare’s cache.</td></tr><tr><td colspan="5" rowspan="1">MISS</td><td colspan="5" rowspan="1">The resource was not found in Cloudflare’s cache and was served from the origin web server.</td></tr><tr><td colspan="5" rowspan="1">NONE/UNKNOWN</td><td colspan="5" rowspan="1">Cloudflare generated a response that denotes the asset is not eligible for caching. This may have happened because:
    2. A Worker generated a response without sending any subrequests. In this case, the response did not come from cache, so the cache status will be none/unknown.
    3. A Worker request made a subrequest (fetch). In this case, the subrequest will be logged with a cache status, while the main request will be logged with none/unknown status (the main request did not hit cache, since Workers sits in front of cache).
    4. A Firewall rule was triggered to block a request. The response will come from the edge network before it hits cache. Since there is no cache status, Cloudflare will log as none/unknown.
    5. A redirect page rule caused the edge network to respond with a redirect to another asset/URL. This redirect response happens before the request reaches cache, so the cache status is none/unknown.
    6. </td></tr><tr><td colspan="5" rowspan="1">EXPIRED</td><td colspan="5" rowspan="1">The resource was found in Cloudflare’s cache but was expired and served from the origin web server.</td></tr><tr><td colspan="5" rowspan="1">STALE</td><td colspan="5" rowspan="1">The resource was served from Cloudflare’s cache but was expired. Cloudflare could not contact the origin to retrieve an updated resource.</td></tr><tr><td colspan="5" rowspan="1">BYPASS</td><td colspan="5" rowspan="1">The origin server instructed Cloudflare to bypass cache via a Cache-Control header set to no-cache,private, or max-age=0 even though Cloudflare originally preferred to cache the asset. BYPASS is returned when enabling Origin Cache-Control. Cloudflare also sets BYPASS when your origin web server sends cookies in the response header.</td></tr><tr><td colspan="5" rowspan="1">REVALIDATED</td><td colspan="5" rowspan="1">The resource is served from Cloudflare’s cache but is stale. The resource was revalidated by either an If-Modified-Since header or an If-None-Match header.</td></tr><tr><td colspan="5" rowspan="1">UPDATING</td><td colspan="5" rowspan="1">The resource was served from Cloudflare’s cache and was expired, but the origin web server is updating the resource. UPDATING is typically only seen for very popular cached resources.</td></tr><tr><td colspan="5" rowspan="1">DYNAMIC</td><td colspan="5" rowspan="1">Cloudflare does not consider the asset eligible to cache and your Cloudflare settings do not explicitly instruct Cloudflare to cache the asset. Instead, the asset was requested from the origin web server. Use Page Rules to implement custom caching options.</td></tr></tbody></table>
    1. HTML templating and streaming response library for Worker Runtimes such as Cloudflare Workers.

      js function handleRequest(event: FetchEvent) { return new HTMLResponse(pageLayout('Hello World!', html` <h1>Hello World!</h1> ${async () => { const timeStamp = new Date( await fetch('https://time.api/now').then(r => r.text()) ); return html`<p>The current time is ${timeEl(timeStamp)}.</p>` }} `)); }

  • Feb 2023
    1. ```js import type { EntryContext } from "@remix-run/cloudflare"; import { RemixServer } from "@remix-run/react"; import isbot from "isbot"; import { renderToReadableStream } from "react-dom/server";

      const ABORT_DELAY = 5000;

      const handleRequest = async ( request: Request, responseStatusCode: number, responseHeaders: Headers, remixContext: EntryContext ) => { let didError = false;

      const stream = await renderToReadableStream( <RemixServer context={remixContext} url={request.url} abortDelay={ABORT_DELAY} />, { onError: (error: unknown) => { didError = true; console.error(error);

          // You can also log crash/error report
        signal: AbortSignal.timeout(ABORT_DELAY),


      if (isbot(request.headers.get("user-agent"))) { await stream.allReady; }

      responseHeaders.set("Content-Type", "text/html"); return new Response(stream, { headers: responseHeaders, status: didError ? 500 : responseStatusCode, }); };

      export default handleRequest; ```

  • Jan 2023
  • Dec 2022
  • blog.cloudflare.com blog.cloudflare.com