Hacker News new | past | comments | ask | show | jobs | submit login

I've done a couple neat (IMO) things with CF workers.

- I use imgix to manipulate images in my app, but some of my users don't want anyone to be able to discover (and steal) the source images. Imgix can't do this natively; all image manipulation instructions are in the URL. So I put a CF worker in front of imgix; my app encrypts the url, the worker decrypts it and proxies.

- A year ago, intercom.io didn't support permissions on their KB articles system. I like intercom's articles but (at the time) wanted to restrict them to actual customers. So I put a CF worker in front that gates based on a cookie set by my app.

These are both trivial, stateless 5-line scripts. I like that I can use CF workers to fundamentally change the behavior of hosted services I rely on. It's almost like being able to edit their code.

Of course, this only works for hosted services that work with custom domains.






> I like intercom's articles but (at the time) wanted to restrict them to actual customers. So I put a CF worker in front that gates based on a cookie set by my app.

Might be against their terms? I rem someone asked if they could treat Workers as a http reverse-proxy to essentially bypass restrictions, and the answer was "no".


Seems unlikely. But if they really want to lose paying customers, that would be one way of doing it.

>These are both trivial, stateless 5-line scripts

Would it be possible to share these scripts? I would love to see them, they sound really helpful/useful


Sure. Here's the help system one (no longer used since intercom now supports permissions, and I opened up the help system anyway):

    addEventListener('fetch', event => {
       event.respondWith(handleRequest(event.request))
     })

    async function handleRequest(request) {
       const cookie = request.headers.get('Cookie');
       if (cookie && cookie.includes('foo=bar')) {
         return await fetch(request);
       } else {
         return new Response('You must log in before accessing this content');
       }
     }
The encrypted URL script is actually a bit longer than "5 lines" (it has been a while) so here's a gist:

https://gist.github.com/stickfigure/af592b1ce7f888c5b8a4efbe...


It’s pretty incredible. You can put it over any site and build your own A/B testing or targeting based on the user or the link used to get to your site.



Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: