I thought so too

Switching to a completely synchronous flow fixed it, and it's not that slow, so it's not a big deal.

Just feels like Workers has so many little weird issues I keep hitting.

Probably worth posting in #940663374377783388 - I can't see that error in the runtime so likely thrown from something else in the stack

Hi, I've got a worker that needs to send https requests to a backend api server with an invalid ssl certificate (invalid certificate authority). I've looked at #1052656806058528849 and someone had a quite similar case where he/she made use of

NODE_EXTRA_CA_CERTS

env variable. I tried this as well but that didn't help either. I really want to refrain from turning of ssl validation (using

NODE_TLS_REJECT_UNAUTHORIZED

)

Is there perhaps any way to make this work? Feel free to let me know if you need me to provide any code or so (I'm using the fetch api to send the request)

I'm not aware of anything in Workers that'd let you fetch HTTPS when it has an invalid certificate

Thanks! In that case I'll look at other options, I spent days trying to get a valid certificate for that server but nothing worked yet, even the provider couldn't help me fix it so far

Is there some way to generate a secret for workers serverside? For instance

ts
export const storage = createCookieSessionStorage({
  cookie: {
    name: "session",
    secure: import.meta.env.PROD,
    secrets: [import.meta.env.SECRET], // I do not need nor want to know this
    sameSite: "lax",
    path: "/",
    maxAge: 60 * 60 * 24 * 30, // 30 days
    httpOnly: true
  }
});

Try this(replace

pnpm

with

npm run

, or your package manager of choice:

sh
head -c128 /dev/random | base64 | pnpm wrangler secret put SECRET

oooh smart

I'm hoping the CryptoKey bindings will allow us to generate a private key server side eventually. https://kian.org.uk/cryptokey-bindings-in-cloudflare-workers-importkey-at-publish-time/

It's very limited in terms of situations where you can use mTLS, but if you can, this is the best IMO. https://developers.cloudflare.com/workers/runtime-apis/mtls/

I expect it’ll be the same as mTLS where you can upload it with Wrangler - eventually

question, how can I ensure that my Worker is being accessed with a valid mTLS cert? (i.e. the reverse of the link I just posted.)

it’ll be in req.cf

you could also do it on the firewall side with an mTLS rule

ah,

request.cf?.tlsClientAuth

?

Something like that - I’d just do

return Response.json(req.cf)

whilst testing and see what it returns

Id recommend doing what Skye said too

Stopping a bad request at the WAF won’t bill you for a Worker request

Total Upload: 6054.66 KiB / gzip: 531.34 KiB

How bad is this for perf? 😛

should be fine

add

minify = true

in wrangler.toml if you aren't already minifying yourself for extra space savings

huh nice

Total Upload: 2639.50 KiB / gzip: 374.98 KiB

any downside with using

node_compat = true

?

adds lots of large polyfills you probably don't want/need

shouldn't impact stability though right?

Is JS parsing included in CPU time measurements for billing and limits?