Feature idea: Whitelisting sub-request domains/paths/IPs

Imagine a scenario where you install a script from NPM that you use throughout your Worker script.

Now, what if it uses fetch to send all current objects of your entire app to a third party URI, would you notice it?

On a small script, probably, but on a large script? Probably not.

What if we could white-list which routes our Worker scripts could sub-request towards?

It would:

  • Stop it from sending data to a place it’s not allowed to.
  • Catch errors when sending to legit domains that are misspelled (or manipulated due to object poisoning).
  • Make scripts with a lot of requests more predictable (we have a map of all allowed domains/IPs).

What do you think?

Kind of like an outbound firewall…

yarn audit
npm audit

would catch some of the known security cases.

You can always (should) inspect the fetches your workers do by inspecting in the Workers Dashboard Editor, Network tab, while in development.

Basically, but with a little more control.
Cloudflare already provides an inbound firewall for Pro users, even on Routes.

The NPM registry is one thing, but there’s also preventing employees from making mistakes or going rogue.
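
The allowlist proposed in the first post can be approximated inside a script today by wrapping fetch. The sketch below is an added example, not part of the thread and not a Cloudflare API; the names `ALLOWED`, `isAllowed` and `makeGuardedFetch` and the hosts and paths are assumptions made for illustration.

```javascript
// Added example: an in-script approximation of the proposed allowlist.
// Hosts and paths are constructed placeholders (example.com, 192.0.2.10).
const ALLOWED = [
  { host: "api.example.com", pathPrefix: "/v1/" },
  { host: "192.0.2.10", pathPrefix: "/" },
];

// Accepts a string, URL or Request-like object; returns a parsed URL or null.
function toUrl(input) {
  const raw = input && typeof input === "object" && "url" in input ? input.url : String(input);
  try { return new URL(raw); } catch { return null; }
}

// True only when scheme, exact host and path prefix all match one rule.
function isAllowed(input, rules = ALLOWED) {
  const url = toUrl(input);
  if (!url || url.protocol !== "https:") return false;
  if (url.username || url.password) return false; // rejects https://allowed-host@other-host/
  // URL parsing has already lower-cased the host and resolved "../" segments.
  return rules.some((r) => url.hostname === r.host && url.pathname.startsWith(r.pathPrefix));
}

// Wraps a fetch implementation so every sub-request is checked first.
function makeGuardedFetch(realFetch, rules = ALLOWED, onBlock = () => {}) {
  return async function guardedFetch(input, init = {}) {
    if (!isAllowed(input, rules)) {
      onBlock(input); // hook for logging or alerting
      throw new Error("sub-request blocked by allowlist");
    }
    // Do not follow redirects automatically: the redirect target was never checked.
    return realFetch(input, { ...init, redirect: "manual" });
  };
}
```

A wrapper like this only covers code that calls it; a dependency that uses the runtime's own fetch is not checked, which is the gap the platform-level enforcement proposed in the thread would close.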