Cloudflare #r2

Join Discord

Skye

02/19/2023, 3:50 PM

That's in a worker

Skye

02/19/2023, 3:50 PM

I added the binding in the dashboard

Skye

02/19/2023, 3:50 PM

That message has the code I used

Deleted User

02/19/2023, 3:51 PM

If it helps, it's specifically

Accept: application/signed-exchange

that 404s (any string that starts with application/signed-exchange, ie. application/signed-exchangessssss)

Erisa | Support Engineer

02/19/2023, 3:52 PM

firefox 404s regardless of accept

Erisa | Support Engineer

02/19/2023, 3:52 PM

mine does, anyway

Erisa | Support Engineer

02/19/2023, 3:53 PM

anyway, i think i managed to repro on a real origin

Erisa | Support Engineer

02/19/2023, 3:53 PM

https://erisa.party/2022/12/image.png▾

* *

Erisa | Support Engineer

02/19/2023, 3:53 PM

to say the least that is concerning

Erisa | Support Engineer

02/19/2023, 3:53 PM

let me see what else i can find out / who i can yell at

Deleted User

02/19/2023, 4:03 PM

You need to use this in a Worker

Deleted User

02/19/2023, 4:04 PM

With a worker you can bind R2 and call env.R2.list(), as Skye mentioned

HardAtWork

02/19/2023, 4:05 PM

Copy code

js
const data = await (await fetch("https://your.worker.domain")).json();

ajeesh

02/19/2023, 4:06 PM

hi, i would like to know if i can attach a domain to R2 and still keep my files in private mode?

ajeesh

02/19/2023, 4:07 PM

right now, i have atatched the domain, but the files are now publicaly accessible if they have the key name, i was previously using signed urls for providing the download feature.

Erisa | Support Engineer

02/19/2023, 4:12 PM

thanks for this hint - i can only reproduce on my real origin when

Automatic Signed Exchanges (SXGs)

is enabled in the dashboard

Erisa | Support Engineer

02/19/2023, 4:13 PM

looks like that feature breaks transform rules

Erisa | Support Engineer

02/19/2023, 4:13 PM

and i have a theory on why...

Deleted User

02/19/2023, 4:13 PM

omg tea

HardAtWork

02/19/2023, 4:38 PM

You can

HardAtWork

02/19/2023, 4:42 PM

In your Worker?

ajeesh

02/19/2023, 5:03 PM

is r2 ready for production env? can we use it as an aws s3 alternative?

Erisa | Support Engineer

02/19/2023, 5:10 PM

yes

Erisa | Support Engineer

02/19/2023, 5:10 PM

R2 is generally available and supports the S3 API: https://developers.cloudflare.com/r2/data-access/s3-api/

ajeesh

02/19/2023, 5:13 PM

but the files get public when we attach a domain to r2 .. how is that reliable?

Erisa | Support Engineer

02/19/2023, 5:16 PM

Erisa | Support Engineer

02/19/2023, 5:16 PM

There are many use cases for wanting a public bucket on a URL

Erisa | Support Engineer

02/19/2023, 5:17 PM

to expose a bucket privately you can write your own logic inn a Cloudflare Worker or add CORS rules and access the S3 API from your client

Erisa | Support Engineer

02/19/2023, 5:17 PM

Missing the feature to have private buckets on custom domains without custom logic doesn't make it not production-ready 😅

ajeesh

02/19/2023, 5:18 PM

yes, how can some one know that? its a major security risk.