cloudflare-workers-security

Solid

Cloudflare Workers security with authentication, CORS, rate limiting, input validation. Use for securing APIs, JWT/API keys, or encountering auth failures, CORS errors, XSS/injection vulnerabilities.

DevOps & Infrastructure 168 stars 27 forks Updated 4 weeks ago MIT

Install

View on GitHub

Quality Score: 89/100

Stars 20%

Recency 20%

Frontmatter 20%

Documentation 15%

100

Issue Health 10%

License 10%

100

Description 5%

100

Skill Content

# Cloudflare Workers Security Comprehensive security patterns for protecting Workers and APIs. ## Quick Security Checklist ```typescript // 1. Validate all input const validated = schema.parse(await request.json()); // 2. Authenticate requests const user = await verifyToken(request.headers.get('Authorization')); if (!user) return new Response('Unauthorized', { status: 401 }); // 3. Rate limit const limited = await rateLimiter.check(clientIP); if (!limited.allowed) return new Response('Too Many Requests', { status: 429 }); // 4. Add security headers response.headers.set('X-Content-Type-Options', 'nosniff'); response.headers.set('X-Frame-Options', 'DENY'); // 5. Use HTTPS-only cookies headers.set('Set-Cookie', 'session=xxx; Secure; HttpOnly; SameSite=Strict'); ``` ## Critical Rules 1. **Never trust client input** - Validate and sanitize everything 2. **Use secure secrets** - Store in Wrangler secrets, never in code 3. **Implement rate limiting** - Protect against abuse 4. **Set security headers** - Prevent common attacks 5. **Use CORS properly** - Don't use `*` in production ## Top 10 Security Errors | Vulnerability | Symptom | Prevention | |---------------|---------|------------| | Missing auth | Unauthorized access | Verify tokens on every request | | SQL injection | Data breach | Use parameterized queries with D1 | | XSS | Script injection | Sanitize output, set CSP | | CORS misconfiguration | Blocked requests or open access | Configure specific origins | | Secret...

Details

Author: secondsky
Repository: secondsky/claude-skills
Created: 7 months ago
Last Updated: 4 weeks ago
Language: TypeScript
License: MIT

Integrates with

Cloudflare · Cloud

Similar Skills

Semantically similar based on skill content — not just same category

API & Backend Solid

api-security-hardening

REST API security hardening with authentication, rate limiting, input validation, security headers. Use for production APIs, security audits, defense-in-depth, or encountering vulnerabilities, injection attacks, CORS issues.

168 Updated 4 weeks ago

secondsky

DevOps & Infrastructure Listed

security-best-practices

Implement security best practices for web applications and infrastructure. Use when securing APIs, preventing common vulnerabilities, or implementing security policies. Handles HTTPS, CORS, XSS, SQL Injection, CSRF, rate limiting, and OWASP Top 10.

353 Updated today

aiskillstore

AI & Automation Listed

cloudflare-workers-security

Security audit for Cloudflare Workers applications covering bindings (KV, D1, R2, Durable Objects, Queues, Vectorize), secrets vs vars in wrangler.toml, Worker routes and zones, request origin validation, CORS, mTLS to origin, Smart Placement, and Workers-specific runtime concerns. Use this skill whenever the user mentions Cloudflare Workers, wrangler, wrangler.toml, KVNamespace, D1Database, R2Bucket, DurableObjectNamespace, Env bindings, c.env, env.MY_KV, or asks "audit my Cloudflare Worker", "Workers security review", "wrangler secrets". Trigger when the codebase contains `wrangler` or `@cloudflare/workers-types` in package.json.

1 Updated 2 weeks ago

hlsitechio