Skip to content

[Miniflare] cf-worker header in local development #4367

Description

@Cherry

In production, Cloudflare Workers attaches the following header to all outgoing requests:

cf-worker: <slug>.workers.dev

This is extremely useful for identifying the worker making the request, but is also used by various services to block workers. That's totally understandable on their part, but when developing in local mode, this header is not attached.

This can result in some pretty gnarly experiences when building an application entirely locally, everything working as expected, and then deploying to production workers and being hit with 403s or other errors from external services now that cf-worker is attached as a header.

One quick example is some Steam endpoints:

$ curl -I "https://steamcommunity.com/openid/login?openid.mode=check_authentication"
HTTP/1.1 200 OK

vs in workers prod:

$ curl -I "https://steamcommunity.com/openid/login?openid.mode=check_authentication" --header "cf-worker: foo"
HTTP/1.1 403 Forbidden

Is this something workerd should emulate when running locally? Or perhaps miniflare/wrangler to better represent a real world environment?

Metadata

Metadata

Assignees

No one assigned

    Labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    Status
    Done

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions