Code Component SSR

Questions

1. Can we access HttpOnly cookies

   • e.g. User Accounts UserID in token

2. Can we access Http Response headers

   • e.g. Reverse proxy headers

Research findings

1. No, by design.

2. Yes, by client-side JS fetch

   1. Inefficient

   2. Won't be the exact current page response

      1. but similar

Notes

Webflow does not expose the request object to Code Components during SSR.

Here's what we learned:

• ✅ Components DO run SSR in Cloudflare Workers

• ❌ No props are passed with request context

• ❌ No global request object is available

• ❌ HttpOnly cookies are inaccessible (by design)

• ✅ Client-side fetch CAN get response headers (18 found!)

The limitation: In Cloudflare Workers SSR, the request object exists at the worker's fetch handler level, but Webflow doesn't expose it to individual React components. This is likely intentional - components are meant to be stateless and cacheable.

What the component CAN do:

• ✅ Show response headers via client-side fetch

• ✅ Show non-httpOnly cookies from document.cookie

SSR Environment

typeof window	undefined
typeof global	object
typeof process	object

Global Objects

globalThis keys	navigator, global, process, Buffer, origin, Cloudflare, performance, scheduler, caches, crypto, self, ServiceWorkerGlobalScope

Cloudflare object

No Request object exposed.

{
  "compatibilityFlags": {
    "formdata_parser_supports_files": true,
    "fetch_refuses_unknown_protocols": true,
    "html_rewriter_treats_esi_include_as_void_tag": false,
    "durable_object_fetch_requires_full_url": true,
    "streams_byob_reader_detaches_buffer": true,
    "streams_enable_constructors": true,
    "workers_api_getters_setters_on_prototype": true,
    "minimal_subrequests": true,
    "no_cots_on_external_fetch": true,
    "url_standard": true,
    "global_navigator": true,
    "capture_async_api_throws": true,
    "r2_public_beta_bindings": true,
    "durable_object_alarms": false,
    "dont_substitute_null_on_type_error": true,
    "transformstream_enable_standard_constructor": true,
    "r2_list_honor_include": true,
    "export_commonjs_default": true,
    "web_socket_compression": true,
    "nodejs_compat": true,
    "tcp_sockets_support": false,
    "response_redirect_url_standard": true,
    "http_headers_getsetcookie": true,
    "dynamic_dispatch_tunnel_exceptions": true,
    "no_cf_botmanagement_default": true,
    "urlsearchparams_delete_has_value_arg": true,
    "strict_compression_checks": true,
    "brotli_content_encoding": true,
    "strict_crypto_checks": true,
    "crypto_preserve_public_exponent": true,
    "vectorize_query_metadata_optional": true,
    "no_global_importscripts": true,
    "nodejs_als": false,
    "queues_json_messages": true,
    "python_workers": false,
    "fetcher_no_get_put_delete": true,
    "unwrap_custom_thenables": true,
    "rpc": true,
    "internal_stream_byob_return_view": true,
    "blob_standard_mime_type": true,
    "fetch_standard_url": true,
    "nodejs_compat_v2": true,
    "global_fetch_strictly_public": false,
    "cache_option_enabled": true,
    "allow_custom_ports": true,
    "internal_writable_stream_abort_clears_queue": true,
    "nodejs_zlib": true,
    "handle_cross_request_promise_resolution": true,
    "set_tostring_tag": true,
    "upper_case_all_http_methods": true,
    "python_external_packages": false,
    "disable_top_level_await_in_require": true,
    "fixup-transform-stream-backpressure": true,
    "cache_no_cache_enabled": false,
    "python_workers_20250116": false,
    "request_cf_overrides_cache_rules": true,
    "unique_ctx_per_invocation": true,
    "queue_consumer_no_wait_for_wait_until": false,
    "nodejs_compat_populate_process_env": true,
    "cache_api_request_cf_overrides_cache_rules": true,
    "disallow_importable_env": false,
    "assets_navigation_prefers_asset_serving": true,
    "cache_api_compat_flags": true,
    "urlpattern_standard": true,
    "enable_weak_ref": true,
    "request_signal_passthrough": false,
    "enable_navigator_language": true,
    "allow_eval_during_startup": true,
    "enable_request_signal": false,
    "nonclass_entrypoint_reuses_ctx_across_invocations": false,
    "bind_asynclocalstorage_snapshot_to_request": true,
    "throw_on_unrecognized_import_assertion": true,
    "python_workflows": false,
    "enable_nodejs_process_v2": false,
    "set_event_target_this": false,
    "set_forwardable_email_full_headers": false,
    "enable_nodejs_http_modules": false,
    "pedantic_wpt": false,
    "expose_global_message_channel": false,
    "enable_nodejs_http_server_modules": false,
    "python_no_global_handlers": false,
    "enable_nodejs_fs_module": false,
    "enable_nodejs_os_module": false,
    "python_workers_force_new_vendor_path": false,
    "remove_nodejs_compat_eol": false,
    "enable_validate_workflow_entrypoint": false,
    "python_dedicated_snapshot": false,
    "enable_nodejs_http2_module": false,
    "strip_authorization_on_cross_origin_redirect": false,
    "remove_nodejs_compat_eol_v22": false,
    "remove_nodejs_compat_eol_v23": false,
    "remove_nodejs_compat_eol_v24": false,
    "enable_nodejs_console_module": false,
    "enable_nodejs_vm_module": false,
    "enable_ctx_exports": false
  }
}