You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: src/content/docs/cloudflare-for-platforms/workers-for-platforms/platform/worker-isolation.mdx
+5-7Lines changed: 5 additions & 7 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -13,15 +13,14 @@ By default, Workers inside of a dispatch namespace are considered "untrusted." T
13
13
In untrusted mode:
14
14
15
15
- The [`request.cf`](/workers/runtime-apis/request/#incomingrequestcfproperties) object is not available in Workers (see [limits](/cloudflare-for-platforms/workers-for-platforms/platform/limits/#cf-object) for more information)
16
-
- Each Worker has an isolated cache space when using the Cache API
17
-
- Workers cannot access cached responses from other Workers in the namespace
16
+
- Each Worker has an isolated cache, when using the [Cache API](/workers/runtime-apis/cache/) or when making subrequests using `fetch()`, which egress via [Cloudflare's cache](/cache/)
18
17
-[`caches.default`](/workers/reference/how-the-cache-works/#cache-api) is disabled for all Workers in the namespace
19
18
20
19
This mode ensures complete isolation between customer Workers, preventing any potential cross-tenant data access.
21
20
22
21
### Trusted Mode
23
22
24
-
If you control the Worker code and want to disable isolation mode, you can configure the namespace as "trusted".
23
+
If you control the Worker code and want to disable isolation mode, you can configure the namespace as "trusted". This is useful when building internal platforms where your company controls all Worker code.
25
24
26
25
In trusted mode:
27
26
@@ -32,10 +31,6 @@ In trusted mode:
32
31
In trusted mode, Workers can potentially access cached responses from other Workers in the namespace. Only enable this if you control all Worker code or have appropriate cache key isolation strategies.
33
32
:::
34
33
35
-
### Maintaining cache isolation in trusted mode
36
-
If you need access to `request.cf` but want to maintain cache isolation between customers, use customer-specific [cache keys](/workers/examples/cache-using-fetch/#custom-cache-keys) or the [Cache API](/workers/examples/cache-api/) with isolated keys.
37
-
38
-
39
34
To convert a namespace from untrusted to trusted:
40
35
```bash
41
36
curl -X PUT "https://api.cloudflare.com/client/v4/accounts/{account_id}/workers/dispatch/namespaces/{namespace_name}" \
@@ -49,6 +44,9 @@ curl -X PUT "https://api.cloudflare.com/client/v4/accounts/{account_id}/workers/
49
44
50
45
If you enable trusted mode for a namespace that already has deployed Workers, you'll need to redeploy those Workers for the `request.cf` object to become available. Any new Workers you deploy after enabling trusted mode will automatically have access to it.
51
46
47
+
### Maintaining cache isolation in trusted mode
48
+
If you need access to `request.cf` but want to maintain cache isolation between customers, use customer-specific [cache keys](/workers/examples/cache-using-fetch/#custom-cache-keys) or the [Cache API](/workers/examples/cache-api/) with isolated keys.
49
+
52
50
## Related Resources
53
51
*[Platform Limits](/cloudflare-for-platforms/workers-for-platforms/platform/limits) - Understanding script and API limits
54
52
*[Cache API Documentation](/workers/runtime-apis/cache/) - Learn about cache behavior in Workers
0 commit comments