[Workers] Add Cloudflare Access for Workers changelog#31822
Conversation
Review✅ No issues found in commit Code ReviewThis code review is in beta and may not always be helpful — use your judgment. No code review issues found. ConventionsChecks PR title, description, and redirect checklist. No convention issues found. Style Guide ReviewNo style-guide issues found. RedirectsNo missing redirect entries found. CommandsOnly codeowners can run commands. Post a comment with the command to trigger it.
|
|
This pull request requires reviews from CODEOWNERS as it changes files that match the following patterns:
|
|
Preview URL: https://4d1a593b.preview.developers.cloudflare.com Files with changes (up to 15) |
|
Note: I will add the link to the Access dev docs before merging! |
|
CI run failed: build logs |
Broken LinksFound 1 broken link(s) across 1 file(s).
|
| import { Width } from "~/components"; | ||
| import { Image } from "astro:assets"; | ||
| import protectAllWorkers from "~/assets/images/changelog/workers/protect-all-workers.png"; | ||
| import protectOneWorker from "~/assets/images/changelog/workers/protect-one-worker.png"; |
There was a problem hiding this comment.
I feel like this isn't normally how we embed images in changelogs? but probably not a big deal if it works
| You now have two new ways to protect your Workers with Cloudflare Access. With these you can: | ||
|
|
||
| - Set an Access policy on preview deployments only, or on both preview and production deployments. | ||
| - Control who can sign in by Cloudflare account membership, email address, or email domain. |
There was a problem hiding this comment.
is it worth calling out that you can do more expressive policies in the ZT dash?
|
|
||
| **Protect a single Worker across all its domains at once** | ||
|
|
||
| Until now, if a Worker was reachable on a route, a Custom Domain, and a `workers.dev` URL, you had to create a separate Access application for each one. Now you apply one Access policy to the Worker itself. You can choose to apply it to all preview URLs associated with the Worker, or to both previews and production. |
There was a problem hiding this comment.
I'd call out the explicit payoff of this. it means that Worker+Access apps no longer have a fragile URL matching link. Changing a domain won't impact Access app coverage
Adds a changelog entry for Cloudflare Access for Workers with updated copy and screenshots.
Changes
2026-06-28-workers-access.mdxSummary
You can now protect a Worker with Cloudflare Access directly. Enabling Access on a Worker requires sign-in before anyone can reach it, and automatically covers every domain associated with it: routes, Custom Domains, and its
workers.devhostname.