No, I would like to use Browser Rendering only. I knew that security issues are there for fetch API.

What would be the best approach to return one answer for a request immediately and then after an external api has answered return another answer? Without workers, I'd probably use server-sent-events + an event emitter but I am not sure that this is the serverless way

someone know what is this?

I mean depends on what your API server needs to do. If simple requests handling then sure

how to fix cors issue when consuming the worker url? it works in a plain get, but if i include a header key value in the request, it throws the Cors error. i also provided the correct cors response

Do you also return CORS headers on

OPTIONS

requests?

no, for now I only use Get, post

That might be why. Your browser may be sending a preflight

OPTIONS

request, which fails.

i removed it including the Head, but still the same Here's what my Web looks like when calling the worker url

No, I mean that your browser itself is sending an

OPTIONS

request, irrespective of your

Access-Control-Allow-Methods

. If you don't handle that in your Worker, then the entire thing fails

no options sent by the browser

during request

I was thinking about using Workers to build an API for a timetabling app that will have to use a sort of DB. I've seen a guide on using Workers with Fauna DB, but I'm not sure if this is good for scalability. Any thoughts?

Hi all, I am getting some extremely weird behaviour.....

echo "${{ parameters.cfAccessClientId }}" | npx wrangler secret put cfAccessClientId
                  echo "${{ parameters.cfAccessClientSecret }}" | npx wrangler secret put cfAccessClientSecret

if I set secrets like this, I can return them in response and they show... But I am not able to use them in a request to bypass cloudflare zero trust.... however if I set them as env variables when deploying like this

npx wrangler deploy `
                    --var cfAccessClientId:"${{ parameters.cfAccessClientId }}" `
                    --var cfAccessClientSecret:"${{ parameters.cfAccessClientSecret }}"

it works absolutely fine...... how is this possible??

Also to add I am accessing both through env. Assuming this is the correct way for both?:

Workers scale very easily not sure about Fauna DB but if it does then it should be good

What about GraphQL, does that work with Workers?

Seems good, thanks

I decided to send the secret to a test webhook on webhook.site, here I realised

\ufeff

was being added to the front. No idea why tho

am i doing something wrong?

cron triggers dont work

if you are doing a CORS request, your browser is automatically sending an OPTIONS request

Workers is only for "simple requests"? 🙂

anyone? please help 🥲

so having a key value request header will not work? i put the worker key value in querystring, does this workaround is the best practice ? does jwt will also work or I will be having a CORS issue once I implement it?

you just need to implement CORS correctly. you aren't even handling the CORS preflight request so of course it won't work

personally I call this function on all responses before returning them to the client:

js
const enableCORS = (request, response) => {
  const origin = request.headers.get("origin") || "";

  const isAllowedOrigin =
    origin === "http://localhost:3000" ||
    origin.endsWith(".example.com");

  if (isAllowedOrigin) {
    for (const [key, value] of Object.entries({
      "Access-Control-Allow-Origin": origin,
      "Access-Control-Allow-Methods": "POST, DELETE, GET, OPTIONS",
      "Access-Control-Allow-Headers": "*",
    })) {
      response.headers.append(key, value);
    }
  }

  return response;
};

and in my route handling I have a simple

js
if (request.method === "OPTIONS") {
  return new Response("ok");
}

and this is what ties it together...

js
const response = await handleRequest(request, env, context, sentry);

return enableCORS(request, response);

thank you can I try this ?