Snippets help | Cloudflare Developers | Page 1

chilly marten Oct 28, 2024, 4:41 PM

#

Only concern at the moment is exception handling in snippets, what’s the best way?

If any type of error occurs in the snippet how would I know and how should I handle it?

In workers, I’d either catch exceptions and log/report or use tail and send to sentry for example. Can also see error analytics in workers/etc but not for snippets.

vast inlet Oct 28, 2024, 4:45 PM

#

(sorry, just saw your message in the channel)

cc @dense anchor MeowHeartCloudflare

For now I recommend putting a try/catch around your entire snippet - since it can have multiple subrequests now (yayy), what I've done is reserve one subrequest to logging everything from the snippet

chilly marten Oct 29, 2024, 8:04 PM

#

Thank you! I’m finding that snippets are a good way to prevent unwanted traffic hitting workers and running up request count :).

vast inlet Oct 29, 2024, 10:20 PM

#

for that, you can also look at waf rules and api shield, could help block invalid requests early

chilly marten Oct 30, 2024, 12:53 AM

#

Do snippets not return CF-Cache-Status?

chilly marten Oct 31, 2024, 3:36 AM

#

And managed transforms must run after snippets?

dense anchor Oct 31, 2024, 11:05 AM

#

chilly marten Do snippets not return CF-Cache-Status?

cf-cache-status is coming from Cache (Pingora), so if your snippet doesn't go to origin this header won't be present

#

managed transforms run before Snippets: https://developers.cloudflare.com/ruleset-engine/reference/phases-list/

Cloudflare Docs

Phases list | Cloudflare Ruleset Engine docs

The following tables list the phases of Cloudflare products powered by the Ruleset Engine, in the order those phases are executed. Some products such as the Cloudflare Web Application Firewall have more than one associated phase.

chilly marten Nov 2, 2024, 12:02 AM

#

Thanks @dense anchor

With Managed Transforms -> Add security headers it appears that the x-frame-options header for example is still in the response. Should that be the case? If not, might be me.

Other question, I’m trying to set a unique request id header in a snippet then in a worker read that back and continue to pass it along to origin, however in the worker that header is not there. Am I missing something?

dense anchor Nov 26, 2024, 2:00 PM

#

chilly marten Thanks <@930781787553161276> With Managed Transforms -> Add security headers i...

it's not you, managed transforms have two phases: request phase runs before Snippets, response phase runs after Snippets; x-frame-options is added in the response phase, hence you still see this header present

dense anchor Nov 26, 2024, 2:51 PM

#

for Workers <> Snippets, i've tested it and i can access a header that is set by snippet from a worker and it is sent further down the stream to the origin

#

this is my simple snippet:

`export default {
async fetch(request) {
// Get the current timestamp
const timestamp = Date.now();

    // Convert the timestamp to hexadecimal format
    const hexTimestamp = timestamp.toString(16);

    // Clone the request and add the custom header
    const modifiedRequest = new Request(request, {
        headers: new Headers(request.headers)
    });
    modifiedRequest.headers.set("X-Hex-Timestamp", hexTimestamp);

    // Log the custom header for debugging
    console.log(`X-Hex-Timestamp: ${hexTimestamp}`);

    // Pass the modified request to the origin
    const response = await fetch(modifiedRequest);

    return response;
},

};`

#Snippets help