I reported to Discord that I was getting an HTTP 401 UNAUTHORIZED immediately upon opening a WebSocket connection (with my Durable Object as the client), but only when I opened the connection from Cloudflare. The same code worked when run with
wrangler dev --local and the code worked when running in a Worker if I opened a connection to something like
wss://echo.websockets.org instead of Discord.
I got a response from Discord staff:
… due to a layered security approach, we’ve intentionally prevented CF workers from connecting to our Gateway sockets. I’ll try to see if we can update our documentation to include this information. Thank you for taking the time to report this issue, and sorry for the inconvenience around this!
I just wanted to report this to the community both to document this issue for other people who run into it, and because it seems like something Cloudflare should potentially consider contacting Discord about – one of the most popular APIs out there apparently sees a security risk in allowing Cloudflare customers to use one of their endpoints?