In cloudflare/workers-sdk#4812 we tried to fix the Origin headers to match the Host header but were overzealous and rewrote Origin headers for external origins (outside of the proxy server's origin).
This is now fixed, and moreover we rewrite any headers that refer to the proxy server on the request with the configured host and vice versa on the response.
This should ensure that CORS is not broken in browsers when a different host is being simulated based on routes in the Wrangler configuration.
initially getBindingsProxy was supposed to only provide proxies for bindings,
the utility has however grown, including now cf, ctx and caches, to
clarify the increased scope the utility is getting renamed to getPlatformProxy
and its bindings field is getting renamed env
note: getBindingProxy with its signature is still kept available, making this
a non breaking change
#4962d6585178 Thanks @mrbbot! - fix: ensure wrangler dev can reload without crashing when importing node:* modules
The previous Wrangler release introduced a regression that caused reloads to fail when importing node:* modules. This change fixes that, and ensures these modules can always be resolved.
Previously, Wrangler treated any imports of node:* modules as build-time errors (unless one of the two Node.js compatibility modes was enabled). This is sometimes overly aggressive, since those imports are often not hit at runtime (for instance, it was impossible to write a library that worked across Node.JS and Workers, using Node packages only when running in Node). Here's an example of a function that would cause Wrangler to fail to build:
In cloudflare/workers-sdk#4812 we tried to fix the Origin headers to match the Host header but were overzealous and rewrote Origin headers for external origins (outside of the proxy server's origin).
This is now fixed, and moreover we rewrite any headers that refer to the proxy server on the request with the configured host and vice versa on the response.
This should ensure that CORS is not broken in browsers when a different host is being simulated based on routes in the Wrangler configuration.
initially getBindingsProxy was supposed to only provide proxies for bindings,
the utility has however grown, including now cf, ctx and caches, to
clarify the increased scope the utility is getting renamed to getPlatformProxy
and its bindings field is getting renamed env
note: getBindingProxy with its signature is still kept available, making this
a non breaking change
#4962d6585178 Thanks @mrbbot! - fix: ensure wrangler dev can reload without crashing when importing node:* modules
The previous Wrangler release introduced a regression that caused reloads to fail when importing node:* modules. This change fixes that, and ensures these modules can always be resolved.
Previously, Wrangler treated any imports of node:* modules as build-time errors (unless one of the two Node.js compatibility modes was enabled). This is sometimes overly aggressive, since those imports are often not hit at runtime (for instance, it was impossible to write a library that worked across Node.JS and Workers, using Node packages only when running in Node). Here's an example of a function that would cause Wrangler to fail to build:
export function randomBytes(length: number) {
if (navigator.userAgent !== "Cloudflare-Workers") {
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/berrysauce/justatemp/network/alerts).
Bumps undici to 5.28.3 and updates ancestor dependency wrangler. These dependencies need to be updated together.
Updates
undici
from 5.28.2 to 5.28.3Release notes
Sourced from undici's releases.
Commits
e71cb4c
Bumped v5.28.320c65b8
Fix tests for Node.js v20.11.0 (#2618)8ec52cd
Fix tests for Node.js v21 (#2609)d3aa574
Merge pull request from GHSA-3787-6prv-h9w3Updates
wrangler
from 2.21.0 to 3.28.2Release notes
Sourced from wrangler's releases.
... (truncated)
Changelog
Sourced from wrangler's changelog.
... (truncated)
Commits
96b18a7
Version Packages (#4964)315a651
chore: renamegetBindingsProxy
togetPlatformProxy
(#5002)7ad8ddd
chore: bump vite and vitest to latest versions (#4899)bfeefe2
chore: add missingdefineNavigatorUserAgent
dependency to useEsbuild hook (...3669232
Ensure custom build failures are marked as user errors (#4966)593c3aa
Update prefixes for e2e tests to cleanup all e2e workers (#4955)05f8acb
Acclimatize kv-asset-handler with workers-sdk05360e4
fix: ensure we do not rewrite external Origin headers in wrangler dev (#4950)96c8cfb
Version Packages (#4961)d658517
fix: ensure worker reloads when importingnode:*
modules (#4962)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show