Cloudflare Docs
Workers
Cloudflare Docs
Workers
Search icon (depiction of a magnifying glass)
GitHub icon
Visit Workers on GitHub
Set theme to dark (⇧+D)
  1. Products  >  
  2. Workers  >  
  3. Examples  >  
  4. Auth with headers

Auth with headers

Allow or deny a request based on a known pre-shared key in a header. This is not meant to replace the WebCrypto API.
export default {
  async fetch(request) {
    /**
     * @param {string} PRESHARED_AUTH_HEADER_KEY Custom header to check for key
     * @param {string} PRESHARED_AUTH_HEADER_VALUE Hard coded key value
     */
    const PRESHARED_AUTH_HEADER_KEY = 'X-Custom-PSK';
    const PRESHARED_AUTH_HEADER_VALUE = 'mypresharedkey';
    const psk = request.headers.get(PRESHARED_AUTH_HEADER_KEY);


    if (psk === PRESHARED_AUTH_HEADER_VALUE) {
      // Correct preshared header key supplied. Fetch request from origin.
      return fetch(request);
    }
    
    // Incorrect key supplied. Reject the request.
    return new Response('Sorry, you have supplied an invalid key.', {
      status: 403,
    });
  },

};

/**
 * @param {string} PRESHARED_AUTH_HEADER_KEY Custom header to check for key
 * @param {string} PRESHARED_AUTH_HEADER_VALUE Hard coded key value
 */

const PRESHARED_AUTH_HEADER_KEY = 'X-Custom-PSK';

const PRESHARED_AUTH_HEADER_VALUE = 'mypresharedkey';



async function handleRequest(request) {
  const psk = request.headers.get(PRESHARED_AUTH_HEADER_KEY);


  if (psk === PRESHARED_AUTH_HEADER_VALUE) {
    // Correct preshared header key supplied. Fetch request from origin.
    return fetch(request);
  }


  // Incorrect key supplied. Reject the request.
  return new Response('Sorry, you have supplied an invalid key.', {
    status: 403,
  });

}



addEventListener('fetch', event => {
  event.respondWith(handleRequest(event.request));

});