If “Fail Open” mode is active (Pricing | Cloudflare Pages docs)
Once the daily request limit has been reached, Projects in fail open mode will bypass the Function and prevent it from operating on incoming traffic. Incoming requests will behave as if there was no Function, and pass through to the site’s static assets. This is the default configuration for all Pages projects.
I understand from the documentation that my _worker.js file would not be seen
as a static asset, but what about if my _worker.js file imports some others files?
For example, given the following _routes.json
:
{
"version": 1,
"include": [
"/*"
],
"exclude": [
"/assets/*",
"/"
]
}
And the following directory structure:
├── _routes.json
├── _worker.js
├── assets
│ ├── chunks
│ │ └── some-public-file.js
│ └── static
│ └── some-public-file.css
├── index.html
└── server
├── imported-by-_worker.js
└── some-other-private-file.js
In this case, in “Fail open” mode, can the content of server folder be visible, or does it still respect _routes.json?
Concretely, will cloudflare leak my server-side source code(server directory) when an out-of-quota request is made to, for example /server/imported-by-_worker.js?