Request
The Request
interface represents an HTTP request and is part of the Fetch API.
Background
The most common way you will encounter a Request
object is as a property of an incoming request:
export default { async fetch(request, env, ctx) { return new Response('Hello World!'); },
};
You may also want to construct a Request
yourself when you need to modify a request object, because the incoming request parameter is immutable.
export default { async fetch(request, env, ctx) { const url = "https://example.com"; const modifiedRequest = new Request(url, request); // ... },
};
The fetch() handler
invokes the Request
constructor. The RequestInit
and RequestInitCfProperties
types defined below also describe the valid parameters that can be passed to the fetch() handler
.
Constructor
let request = new Request(input, options)
Parameters
input
string | Request
- Either a string that contains a URL, or an existing
Request
object.
- Either a string that contains a URL, or an existing
options
options
- Optional options object that contains settings to apply to the
Request
.
- Optional options object that contains settings to apply to the
options
An object containing properties that you want to apply to the request.
- Cloudflare-specific properties that can be set on the
Request
that control how Cloudflare’s global network handles the request.
- Cloudflare-specific properties that can be set on the
method
string
- The HTTP request method. The default is
GET
. In Workers, all HTTP request methods are supported, except forCONNECT
.
- The HTTP request method. The default is
headers
Headers
body
string | ReadableStream | FormData | URLSearchParams
- The request body, if any.
- Note that a request using the GET or HEAD method cannot have a body.
redirect
string
- The redirect mode to use:
follow
,error
, ormanual
. The default for a newRequest
object isfollow
. Note, however, that the incomingRequest
property of aFetchEvent
will have redirect modemanual
.
- The redirect mode to use:
The cf
property (RequestInitCfProperties
)
An object containing Cloudflare-specific properties that can be set on the Request
object. For example:
// Disable ScrapeShield for this request.
fetch(event.request, { cf: { scrapeShield: false } })
Invalid or incorrectly-named keys in the cf
object will be silently ignored. Consider using TypeScript and @cloudflare/workers-types
to ensure proper use of the cf
object.
apps
boolean
- Whether Cloudflare Apps should be enabled for this request. Defaults to
true
.
- Whether Cloudflare Apps should be enabled for this request. Defaults to
cacheEverything
boolean
- Treats all content as static and caches all file types beyond the Cloudflare default cached content. Respects cache headers from the origin web server. This is equivalent to setting the Page Rule Cache Level (to Cache Everything). Defaults to
false
. This option applies toGET
andHEAD
request methods only.
- Treats all content as static and caches all file types beyond the Cloudflare default cached content. Respects cache headers from the origin web server. This is equivalent to setting the Page Rule Cache Level (to Cache Everything). Defaults to
cacheKey
string
- A request’s cache key is what determines if two requests are the same for caching purposes. If a request has the same cache key as some previous request, then Cloudflare can serve the same cached response for both.
cacheTags
Array<string>
- This option appends additional Cache-Tag headers to the response from the origin server. This allows for purges of cached content based on tags provided by the Worker, without modifications to the origin server. This is performed using the Purge by Tag feature, which is currently only available to Enterprise zones. If this option is used in a non-Enterprise zone, the additional headers will not be appended.
cacheTtl
number
- This option forces Cloudflare to cache the response for this request, regardless of what headers are seen on the response. This is equivalent to setting two Page Rules: Edge Cache TTL and Cache Level (to Cache Everything). The value must be zero or a positive number. A value of
0
indicates that the cache asset expires immediately. This option applies toGET
andHEAD
request methods only.
- This option forces Cloudflare to cache the response for this request, regardless of what headers are seen on the response. This is equivalent to setting two Page Rules: Edge Cache TTL and Cache Level (to Cache Everything). The value must be zero or a positive number. A value of
cacheTtlByStatus
{ [key: string]: number }
- This option is a version of the
cacheTtl
feature which chooses a TTL based on the response’s status code. If the response to this request has a status code that matches, Cloudflare will cache for the instructed time and override cache instructives sent by the origin. For example:{ "200-299": 86400, "404": 1, "500-599": 0 }
. The value can be any integer, including zero and negative integers. A value of0
indicates that the cache asset expires immediately. Any negative value instructs Cloudflare not to cache at all. This option applies toGET
andHEAD
request methods only.
- This option is a version of the
image
Object | null
- Enables Image Resizing for this request. The possible values are described in Transform images via Workers documentation.
minify
{ javascript?: boolean; css?: boolean; html?: boolean; }
- Enables or disables AutoMinify for various file types. For example:
{ javascript: true, css: true, html: false }
.
- Enables or disables AutoMinify for various file types. For example:
mirage
boolean
- Whether Mirage should be enabled for this request, if otherwise configured for this zone. Defaults to
true
.
- Whether Mirage should be enabled for this request, if otherwise configured for this zone. Defaults to
polish
string
- Sets Polish mode. The possible values are
lossy
,lossless
oroff
.
- Sets Polish mode. The possible values are
resolveOverride
string
- Directs the request to an alternate origin server by overriding the DNS lookup. The value of
resolveOverride
specifies an alternate hostname which will be used when determining the origin IP address, instead of using the hostname specified in the URL. TheHost
header of the request will still match what is in the URL. Thus,resolveOverride
allows a request to be sent to a different server than the URL /Host
header specifies. However,resolveOverride
will only take effect if both the URL host and the host specified byresolveOverride
are within your zone. If either specifies a host from a different zone / domain, then the option will be ignored for security reasons. If you need to direct a request to a host outside your zone (while keeping theHost
header pointing within your zone), first create a CNAME record within your zone pointing to the outside host, and then setresolveOverride
to point at the CNAME record. Note that, for security reasons, it is not possible to set theHost
header to specify a host outside of your zone unless the request is actually being sent to that host.
- Directs the request to an alternate origin server by overriding the DNS lookup. The value of
scrapeShield
boolean
- Whether ScrapeShield should be enabled for this request, if otherwise configured for this zone. Defaults to
true
.
- Whether ScrapeShield should be enabled for this request, if otherwise configured for this zone. Defaults to
webp
boolean
Properties
All properties of an incoming Request
object (that is, event.request
) are read only. To modify a request, create a new Request
object and pass the options to modify to its constructor.
body
ReadableStream
- Stream of the body contents.
bodyUsed
Boolean
- Declares whether the body has been used in a response yet.
cf
IncomingRequestCfProperties
- An object containing properties about the incoming request provided by Cloudflare’s global network.
headers
Headers
<aside class="DocsMarkdown--aside" role="note" data-type="warning"><p>If the response is a redirect and the redirect mode is set to <code>follow</code> (see below), then all headers will be forwarded to the redirect destination, even if the destination is a different hostname or domain. This includes sensitive headers like <code>Cookie</code>, <code>Authorization</code>, or any application-specific headers. If this is not the behavior you want, you should set redirect mode to <code>manual</code> and implement your own redirect policy. Note that redirect mode defaults to <code>manual</code> for requests that originated from the Worker’s client, so this warning only applies to <code>fetch()</code>es made by a Worker that are not proxying the original request.</p>
method
string
- Contains the request’s method, for example,
GET
,POST
, etc.
- Contains the request’s method, for example,
redirect
string
- The redirect mode to use:
follow
,error
, ormanual
. Thefetch
method will automatically follow redirects if the redirect mode is set tofollow
. If set tomanual
, the3xx
redirect response will be returned to the caller as-is. The default for a newRequest
object isfollow
. Note, however, that the incomingRequest
property of aFetchEvent
will have redirect modemanual
.
- The redirect mode to use:
url
string
- Contains the URL of the request.
IncomingRequestCfProperties
In addition to the properties on the standard Request
object, the request.cf
object on an inbound Request
contains information about the request provided by Cloudflare’s global network.
All plans have access to:
asn
Number
- ASN of the incoming request, for example,
395747
.
- ASN of the incoming request, for example,
asOrganization
string
- The organization which owns the ASN of the incoming request, for example,
Google Cloud
.
- The organization which owns the ASN of the incoming request, for example,
botManagement
Object | null
- Only set when using Cloudflare Bot Management. Object with the following properties:
score
,verifiedBot
,staticResource
,ja3Hash
, anddetectionIds
. Refer to Bot Management Variables for more details.
- Only set when using Cloudflare Bot Management. Object with the following properties:
clientAcceptEncoding
string | null
- If Cloudflare replaces the value of the
Accept-Encoding
header, the original value is stored in theclientAcceptEncoding
property, for example,"gzip, deflate, br"
.
- If Cloudflare replaces the value of the
colo
string
- The three-letter
IATA
airport code of the data center that the request hit, for example,"DFW"
.
- The three-letter
country
string | null
- Country of the incoming request. The two-letter country code in the request. This is the same value as that provided in the
CF-IPCountry
header, for example,"US"
.
- Country of the incoming request. The two-letter country code in the request. This is the same value as that provided in the
isEUCountry
string | null
- If the country of the incoming request is in the EU, this will return
"1"
. Otherwise, this property will be omitted.
- If the country of the incoming request is in the EU, this will return
httpProtocol
string
- HTTP Protocol, for example,
"HTTP/2"
.
- HTTP Protocol, for example,
requestPriority
string | null
- The browser-requested prioritization information in the request object, for example,
"weight=192;exclusive=0;group=3;group-weight=127"
.
- The browser-requested prioritization information in the request object, for example,
tlsCipher
string
- The cipher for the connection to Cloudflare, for example,
"AEAD-AES128-GCM-SHA256"
.
- The cipher for the connection to Cloudflare, for example,
tlsClientAuth
Object | null
- Only set when using Cloudflare Access or API Shield (mTLS). Object with the following properties:
certFingerprintSHA1
,certFingerprintSHA256
,certIssuerDN
,certIssuerDNLegacy
,certIssuerDNRFC2253
,certIssuerSKI
,certIssuerSerial
,certNotAfter
,certNotBefore
,certPresented
,certRevoked
,certSKI
,certSerial
,certSubjectDN
,certSubjectDNLegacy
,certSubjectDNRFC2253
,certVerified
.
- Only set when using Cloudflare Access or API Shield (mTLS). Object with the following properties:
tlsClientHelloLength
string
- The length of the client hello message sent in a TLS handshake. For example,
"508"
. Specifically, the length of the bytestring of the client hello.
- The length of the client hello message sent in a TLS handshake. For example,
tlsClientRandom
string
- The value of the 32-byte random value provided by the client in a TLS handshake. Refer to RFC 8446 for more details.
tlsVersion
string
- The TLS version of the connection to Cloudflare, for example,
TLSv1.3
.
- The TLS version of the connection to Cloudflare, for example,
city
string | null
- City of the incoming request, for example,
"Austin"
.
- City of the incoming request, for example,
continent
string | null
- Continent of the incoming request, for example,
"NA"
.
- Continent of the incoming request, for example,
latitude
string | null
- Latitude of the incoming request, for example,
"30.27130"
.
- Latitude of the incoming request, for example,
longitude
string | null
- Longitude of the incoming request, for example,
"-97.74260"
.
- Longitude of the incoming request, for example,
postalCode
string | null
- Postal code of the incoming request, for example,
"78701"
.
- Postal code of the incoming request, for example,
metroCode
string | null
- Metro code (DMA) of the incoming request, for example,
"635"
.
- Metro code (DMA) of the incoming request, for example,
region
string | null
- If known, the ISO 3166-2 name for the first level region associated with the IP address of the incoming request, for example,
"Texas"
.
- If known, the ISO 3166-2 name for the first level region associated with the IP address of the incoming request, for example,
regionCode
string | null
- If known, the ISO 3166-2 code for the first-level region associated with the IP address of the incoming request, for example,
"TX"
.
- If known, the ISO 3166-2 code for the first-level region associated with the IP address of the incoming request, for example,
timezone
string
- Timezone of the incoming request, for example,
"America/Chicago"
.
- Timezone of the incoming request, for example,
Methods
Instance methods
These methods are only available on an instance of a Request
object or through its prototype.
clone()
:Promise<Request>
- Creates a copy of the
Request
object.
- Creates a copy of the
arrayBuffer()
:Promise<ArrayBuffer>
- Returns a promise that resolves with an
ArrayBuffer
representation of the request body.
- Returns a promise that resolves with an
formData()
:Promise<FormData>
- Returns a promise that resolves with a
FormData
representation of the request body.
- Returns a promise that resolves with a
json()
:Promise<Object>
- Returns a promise that resolves with a JSON representation of the request body.
text()
:Promise<string>
- Returns a promise that resolves with a string (text) representation of the request body.
The Request
context
Each time a Worker is invoked by an incoming HTTP request, the fetch()
handler is called on your Worker. The Request
context starts when the fetch()
handler is called, and asynchronous tasks (such as making a subrequest using the fetch() API
) can only be run inside the Request
context:
export default { async fetch(request, env, ctx) { // Request context starts here return new Response('Hello World!'); },
};
When passing a promise to fetch event .respondWith()
If you pass a Response promise to the fetch event .respondWith()
method, the request context is active during any asynchronous tasks which run before the Response promise has settled. You can pass the event to an async handler, for example:
addEventListener("fetch", event => { event.respondWith(eventHandler(event))
})
// No request context available here
async function eventHandler(event){ // Request context available here return new Response("Hello, Workers!")
}
Errors when attempting to access an inactive Request
context
Any attempt to use APIs such as fetch()
or access the Request
context during script startup will throw an exception:
const promise = fetch("https://example.com/") // Error
async function eventHandler(event){..}
This code snippet will throw during script startup, and the "fetch"
event listener will never be registered.
Set the Content-Length
header
The Content-Length
header will be automatically set by the runtime based on whatever the data source for the Request
is. Any value manually set by user code in the Headers
will be ignored. To have a Content-Length
header with a specific value specified, the body
of the Request
must be either a FixedLengthStream
or a fixed-length value just as a string or TypedArray
.
A FixedLengthStream
is an identity TransformStream
that permits only a fixed number of bytes to be written to it.
const { writable, readable } = new FixedLengthStream(11);
const enc = new TextEncoder(); const writer = writable.getWriter(); writer.write(enc.encode("hello world")); writer.end();
const req = new Request('https://example.org', { method: 'POST', body: readable });
Using any other type of ReadableStream
as the body of a request will result in Chunked-Encoding being used.
Related resources
- Examples: Modify request property
- Examples: Accessing the
cf
object - Reference:
Response
- Write your Worker code in ES modules syntax for an optimized experience.