根據標頭中的已知預共享密鑰允許或拒絕請求。

示例代碼

/**
 * @param {string} PRESHARED_AUTH_HEADER_KEY Custom header to check for key
 * @param {string} PRESHARED_AUTH_HEADER_VALUE Hard coded key value
 */
const PRESHARED_AUTH_HEADER_KEY = "X-Custom-PSK"
const PRESHARED_AUTH_HEADER_VALUE = "mypresharedkey"

async function handleRequest(request) {
    const psk = request.headers.get(PRESHARED_AUTH_HEADER_KEY)

    if (psk === PRESHARED_AUTH_HEADER_VALUE) {
        // Correct preshared header key supplied. Fetch request from origin.
        return fetch(request)
    }

    // Incorrect key supplied. Reject the request.
    return new Response("Sorry, you have supplied an invalid key.", {
        status: 403,
    })
}

addEventListener("fetch", event => {
    event.respondWith(handleRequest(event.request))
})

示例預覽

在請求過程中不帶密鑰訪問，請求被拒絕。

相關參考

• 運行時API：addEventListener
• 運行時API：FetchEvent
• 運行時API：Web Standards
• 運行時API：Fetch
• 運行時API：Response