Uncaught Error: Disallowed operation called within global scope with hono/jwt in CloudflareWorkers

[yamato0211]

What version of Hono are you using?

4.0.2

What runtime/platform is your app running on?

Cloudflare Workers

What steps can reproduce the bug?

import { Hono } from 'hono'
import { sign } from 'hono/jwt'

const app = new Hono()

app.get('/', async (c) => {
  const payload = {
    sub: 'user123',
    role: 'admin',
  }
  const secret = 'mySecretKey'
  const token = await sign(payload, secret)
  return c.json({ token }, 200)
})

export default app

The above code calls the sign function of hono/jwt and creates an endpoint that creates and returns a JWT token.

Run a local environment for CloudflareWorkers. The package manager is pnpm.

What is the expected behavior?

Ability to create JWT tokens by calling the sign function within Hono's handler.

What do you see instead?

I ran the above code in the local environment of CloudflareWorkers and got the following error.

⎔ Starting local server...
[wrangler:inf] Ready on http://localhost:8787
✘ [ERROR] service core:user:carcharhinus: Uncaught Error: Disallowed operation called within global scope. Asynchronous I/O (ex: fetch() or connect()), setting a timeout, and generating random values are not allowed within global scope. To fix this error, perform this operation within a handler. https://developers.cloudflare.com/workers/runtime-apis/handlers/

    at null.<anonymous> (index.js:27321:29)

✘ [ERROR] MiniflareCoreError [ERR_RUNTIME_FAILURE]: The Workers runtime failed to start. There is likely additional logging output above.

It is suggested to use it in the handler instead of the global scope, but I am getting an error even though I am using it in a Hono handler.

Additional information

The error about hono/jwt confirms that there is also an error about the JWT Auth Middleware.

I confirmed the same error as above when I run it in Cloudflare Workers local environment using jwt Middleware as per the official documentation.

import { Hono } from 'hono'
import { jwt } from 'hono/jwt'

const app = new Hono()

app.use(
  '/auth/*',
  jwt({
    secret: 'it-is-very-secret',
  })
)

app.get('/auth/page', (c) => {
  return c.text('You are authorized')
})

export default app

[joaopaulodotbs]

Same problem here.

The same in versions 20 and 21 of Node.js. Other versions have not been tested.

[Kurichi]

I've tested with the same code and it seems that this issue occurs starting from version 4.0.2 onwards. Versions 4.0.1 and below worked correctly.

[ryuapp]

It's weird, but it works by removing import syntax in node_modules/hono/src/adapter/deno/ssg.js

[yusukebe]

This error is most probably caused by a change in Wrangler's behavior, not Hono's code, but it works fine on the Bun.

[yusukebe]

Hi @yamato0211 @hayatocodejp @Kurichi @ryuapp

This might be fixed by #2238 . Cookie Helper was not imported correctly in the JWT middleware.

I'll release the next patch version that includes the change maybe tomorrow. Thanks!

[pathakkar01]

Hi @yusukebe, Is this issue really fixed, I am still getting the same error when I tried to call sign method of JWT. or do I miss anything else.

Hono Version used : 4.2.0

[yusukebe]

Hi @pathakkar01

Super sorry. It's a bug. #2458 fixed the bug and I've released the new version 4.2.1 now. Please try it.

[pathakkar01]

@yusukebe , thanks for quick support, it is working now

[ronitrajfr]

@yusukebe, thank you man, working fine

[decoded-satapathy]

Thanks @yusukebe. Can someone tell me what was causing this bug, I am a newbie to this.

[braden-w]

If anyone ever has this issue and it persists (not related to a hono issue), really look deep in your code for any hidden randomly generated values that are initialized right when the server runs. I looked hard and realized I had a hidden nanoid() call at the top level:

const DEFAULT_PAGE_VALUES = {
    id: nanoid(),
    ...
}

moving forward, you can still use nanoid, just be sure to do so inside a function rather than in the top level.