Moves previous warning to Upload File Contents section, puts tip and recs under Create an Upload Session section.

korinne · korinne · commit ba8584412e48 · 2025-03-06T14:14:29.000-08:00
diff --git a/src/content/docs/cloudflare-for-platforms/workers-for-platforms/configuration/static-assets.mdx b/src/content/docs/cloudflare-for-platforms/workers-for-platforms/configuration/static-assets.mdx
@@ -57,12 +57,15 @@ Before sending any file data, you need to tell Cloudflare which files you intend
 - A hash (32-hex characters) representing the file contents
 - The file size in bytes
 
-<Aside type="caution" title="About asset isolation">
-	Cloudflare automatically de-duplicates identical asset hashes within the same
-	account. If an asset with the same hash has already been uploaded, it may be
-	shared across different User Workers **unless explicitly made unique**. If you
-	require full asset isolation, prepend asset hashes with a unique identifier
-	(for example, an account ID or Worker name).
+<Aside type="note" title="Asset Isolation Considerations">
+By default, static assets uploaded to Workers for Platforms are associated with the User Worker they are attached to. However, if multiple User Workers exist under the same account, assets with identical hashes may be shared across them.
+
+If strict isolation between User Workers is required, we recommend:
+
+- **Prefixing asset hashes** with an account-specific or worker-specific identifier to ensure uniqueness.
+- **Ensuring JWT tokens for asset uploads are only issued to trusted platform services**, and not directly exposed to end-users.
+- **Explicitly documenting asset-sharing expectations** for your customers if cross-project asset reuse is intended.
+
 </Aside>
 
 #### Example manifest (JSON)
@@ -135,6 +138,14 @@ If the response to the Upload Session API returns `buckets`, that means you have
 
 Use the [Workers Assets Upload API](https://developers.cloudflare.com/api/resources/workers/subresources/assets/subresources/upload/) to transmit the raw file bytes in base64-encoded format for any missing or changed files. Once uploaded, Cloudflare will store these files so they can then be attached to a User Worker.
 
+<Aside type="caution">
+	Cloudflare automatically de-duplicates identical asset hashes within the same
+	account. If an asset with the same hash has already been uploaded, it may be
+	shared across different User Workers unless **explicitly made unique**. If you
+	require full asset isolation, prepend asset hashes with a unique identifier
+	(for example, an account ID or Worker name).
+</Aside>
+
 #### API Request Authentication
 
 Unlike most Cloudflare API calls that use an account-wide API token in the Authorization header, uploading file contents requires using the short-lived JWT token returned in the `jwt` field of the `assets-upload-session` response.
