How to make a request to a Zero Trust Access protected endpoint via a worker?
We are trying to make a request to a cloudflare access protected endpoint in a worker. We own the endpoint, and we've set up a Service Auth key and secret, and we're setting the CF headers on the HTTP Client.
It appears that the headers are being stripped from the HTTP Client in the worker context, and it just 302's us to the Access page.
Is there any documentation to help us with this? Cloudflare Support says that stripping the headers is correct behaviour, so is there an alternative method to making HTTP requests to a Cloudflare Access protected endpoint from a Cloudflare worker that hasn't been documented?
3 Replies
Just bumping this, our team needs assistance on this one because Cloudflare Support has failed to give us an acceptable answer and they just closed the ticket after giving an irrelevant solution.
Are you doing Service Auth or Allow? It should be Service Allow
We’re using Service Auth. So we generate access credentials for the access project, and use them in our worker’s http client, but they don’t appear to be actually persisting through the cloudflare network. From what I’ve heard, setting cf headers isn’t allowed, but that’s what the docs say to do.
Guessing you meant Service Auth, not sure what Service Allow is.
Hey mate, just following up on whether you just meant Service Auth? Or there’s some other “Service Allow” thing we’ve missed.