Make cached URL accessible to workers only?

Say an URL is cached by cloudflare. Can I restrict access to to it from workers only?

I know I can restrict access to my origin URLs by allowing only Cloudflare IPs, but what about the CACHED urls?

P.S. I mean without buying the Enterprise plan of course

Why would you want to do that? Or better put, what would be the reason for doing such a thing? Because the answer depends on the use case…

B/c I want to control permissions. The worker code will check if user is allowed to see it based on secret header or a cookie. @matteo

Let me understand things more: you want a worker running on an URL (let’s call it A) reply with something he gets from another URL (let’s say B). B then replies only if A is the source and doesn’t if it’s a direct request?

So A queries B which replies only if A and not if it’s direct from the user?

The best solution here would be some sort of private token as a query string, note that if A and B are on the same domain the check for B needs to be done server side as the eventual Worker on B wouldn’t trigger, but would go directly to the origin.

With a traditional setup, you’d normally be able to add Vary: Cookie to your response headers to keep a separate copy of the page in the cache for each unique session cookie. If you’re using a special header, you can put that in place of Cookie–just keep in mind that anyone will be able to see the name of the header even if they don’t have it set. However, I don’t know if/how that works with Workers.

Yeah, except for “B” is Cloudflare’s cache, not my server.