thanks erisa!

Hey guys! I'm doing a post request on my worker to handle images upload to Cloudflare images.

js
router.post('/', async (req: Request, env: Env) => {
  const formData = await req.formData?.()
// .....
}

I keep getting the following error

TypeError: Parsing a Body as FormData requires a Content-Type header.

, even though I am sending Content-Type header. Any ideas?

Is anyone else having problems with workers getting scanned?

I had the websocket open and I came back to probably 50 requests like this

and even some lookng for sensitive paths

It's because new workers get TLS certificates issued for them (wildcard on the worker name, i.e *.worker name.yourworkersubdomain.workers.dev, I think intended for when environments get added so you could have prod.workername...), and some bots just watch the certificate transparency (ct) logs and instantly scan

is there some prevention that can be done on cloudflares side?

It's just an initial rush of traffic on new workers / renewals, and of course your worker isn't vulnerable to any of those so it doesn't really matter

You could disable your workers.dev route, and use an http route or custom domain (note worker custom domains do also issue certificates unless you delete the ones they create). On your own domain the default WAF rulesets (Pro or higher) or even just some simple firewall rules would block most of those

It's not really anything to be too worried about imo, usually it's just a few hundred requests max on new workers / renewal

On a Cloudflare Pages site (on a custom domain), I'm making an API request to a Worker (on a custom domain) via fetch(), with cache everything and cachettl set. The response object has some Cloudflare headers on it - cf-priority, cf-ray, server - but no

CF-Cache-Status

. I was expecting to see that to verify if the request was cached or not. What have I missed, please?

can workers establish websocket connections to external websocket servers?

Yes: https://developers.cloudflare.com/workers/learning/using-websockets/#writing-a-websocket-client

what version of node should i use with workers

For local dev with

wrangler

? The latest 16 or 18 would probably be your best bet

If I want to decrypt a file that was uploaded to a cloudflare worker, what crypto libraries are available in Cloudflare Workers? Are workers just a nodejs environment?

They're not nodejs, no - they're similar in that they both use V8, but it's not natively node and you won't have access to Node's

crypto

for example.

Workers support the Web Crypto APIs however: https://developers.cloudflare.com/workers/runtime-apis/web-crypto/

What is the cost of web crypto? Are there any other alternatives? decryption for RSA seems limited

There's no additional cost, outside of the CPU time limits. Within bundled (50ms CPU), you might not be able to do much and it might require you to use the Unbound pricing model instead

As for alternatives, I'm sure someone has written RSA libraries in pure JS that could work. https://github.com/travist/jsencrypt for example. I've not used it so I couldn't speak to the security or implementation, and it's likely to be slower than a more native solution

why would i get EADDRINUSE doing wrangler publish ? Never had this happen before

This typically means there is another wrangler running somewhere using the same port

can I use dotenv with cloudflare workers?

yeah but how? Im using vscode terminal, not running wrangler dev either