🐛 BUG: Wrangler dev fails to fetch() #3264
Comments
|
Hey! 👋 Thanks for raising this. I think this issue only affects secure |
|
Wanted to also add this popus up during try/catch but when the whole worker response itself wraps up, it also emits Also WSL (Ubuntu 22) on the same computer works just fine |
|
Same here, unable to use plain "wrangler dev" after uprading to 3.0.0. Using Windows 11. My app also uses fetch() to external APIs. Using "wrangler dev --remote" appears to work with 3.0.0. |
|
im using cloudlflare queues, and --remote does not support queues yet :( catch22 ==> im dead in the water here.... please help |
|
Same issue here: (the URL being fetched here is https://www.patreon.com/api/oauth2/token ) Environment:
|
|
Same issue, Wrangler 3.0.0, local, Windows 11. Command |
|
We probably need the "+1" button for issues at this point 😅 |
I've managed to work around this by downgrading to Wrangler |
`workerd`'s `trustBrowserCas` uses `SSL_CTX_set_default_verify_paths()` to enable the system trust store. Unfortunately, this doesn't work on Windows, meaning any HTTPS `fetch()` would fail, with an `unable to get local issuer certificate` error. This change passes the root certificates from Node's bundled CA store to `workerd` as `trustedCertificates` on Windows. Closes cloudflare/workers-sdk#3264
* Use Node's root certificates on Windows `workerd`'s `trustBrowserCas` uses `SSL_CTX_set_default_verify_paths()` to enable the system trust store. Unfortunately, this doesn't work on Windows, meaning any HTTPS `fetch()` would fail, with an `unable to get local issuer certificate` error. This change passes the root certificates from Node's bundled CA store to `workerd` as `trustedCertificates` on Windows. Closes cloudflare/workers-sdk#3264 * Read extra trusted certificates from `NODE_EXTRA_CA_CERTS` Wrangler passes the Cloudflare root certificate using the `NODE_EXTRA_CA_CERTS` environment variable. This change loads CA certs from this variable, fixing HTTPS `fetch()`s with WARP enabled. This can also be used for trusting self-signed certificates. Closes cloudflare/workers-sdk#3218
Update on Wrangler v3.0.1Test code: export default {
async fetch(request: Request, env: Env, ctx: ExecutionContext): Promise<Response> {
const result = await (await fetch('https://google.com')).text()
console.log(result)
return new Response('Hello World!')
}
}Results in console output: So, it kinda fails, but also works at the same time 🤯 |
|
Reading between the lines of the linked PR #3352, I was able to work around this by adding the following to my "resolutions": {
"miniflare": "3.0.1"
}Probably not the best idea to pin it like this long term, but it allowed me to get back to work. |
|
is there an update to wrangler 3.x to fix this yet? |
|
Hey everyone! 👋 This should be fixed with |
|
@mrbbot appreciate the update, unfortunately even the latest miniflare (3.0.2) doesn't seem to solve the issue either. |
|
if its any clue - it seems exacerbated when I attempt to run workers in the background |
|
For the error I use NixOS, and have created a reproduction at scottwillmoore/cloudflare-workers-with-nix. EDIT: My reproduction uses |
* Use Node's root certificates on Windows `workerd`'s `trustBrowserCas` uses `SSL_CTX_set_default_verify_paths()` to enable the system trust store. Unfortunately, this doesn't work on Windows, meaning any HTTPS `fetch()` would fail, with an `unable to get local issuer certificate` error. This change passes the root certificates from Node's bundled CA store to `workerd` as `trustedCertificates` on Windows. Closes #3264 * Read extra trusted certificates from `NODE_EXTRA_CA_CERTS` Wrangler passes the Cloudflare root certificate using the `NODE_EXTRA_CA_CERTS` environment variable. This change loads CA certs from this variable, fixing HTTPS `fetch()`s with WARP enabled. This can also be used for trusting self-signed certificates. Closes #3218
* Use Node's root certificates on Windows `workerd`'s `trustBrowserCas` uses `SSL_CTX_set_default_verify_paths()` to enable the system trust store. Unfortunately, this doesn't work on Windows, meaning any HTTPS `fetch()` would fail, with an `unable to get local issuer certificate` error. This change passes the root certificates from Node's bundled CA store to `workerd` as `trustedCertificates` on Windows. Closes #3264 * Read extra trusted certificates from `NODE_EXTRA_CA_CERTS` Wrangler passes the Cloudflare root certificate using the `NODE_EXTRA_CA_CERTS` environment variable. This change loads CA certs from this variable, fixing HTTPS `fetch()`s with WARP enabled. This can also be used for trusting self-signed certificates. Closes #3218
* Use Node's root certificates on Windows `workerd`'s `trustBrowserCas` uses `SSL_CTX_set_default_verify_paths()` to enable the system trust store. Unfortunately, this doesn't work on Windows, meaning any HTTPS `fetch()` would fail, with an `unable to get local issuer certificate` error. This change passes the root certificates from Node's bundled CA store to `workerd` as `trustedCertificates` on Windows. Closes #3264 * Read extra trusted certificates from `NODE_EXTRA_CA_CERTS` Wrangler passes the Cloudflare root certificate using the `NODE_EXTRA_CA_CERTS` environment variable. This change loads CA certs from this variable, fixing HTTPS `fetch()`s with WARP enabled. This can also be used for trusting self-signed certificates. Closes #3218
* Use Node's root certificates on Windows `workerd`'s `trustBrowserCas` uses `SSL_CTX_set_default_verify_paths()` to enable the system trust store. Unfortunately, this doesn't work on Windows, meaning any HTTPS `fetch()` would fail, with an `unable to get local issuer certificate` error. This change passes the root certificates from Node's bundled CA store to `workerd` as `trustedCertificates` on Windows. Closes #3264 * Read extra trusted certificates from `NODE_EXTRA_CA_CERTS` Wrangler passes the Cloudflare root certificate using the `NODE_EXTRA_CA_CERTS` environment variable. This change loads CA certs from this variable, fixing HTTPS `fetch()`s with WARP enabled. This can also be used for trusting self-signed certificates. Closes #3218
|
Same issue here - can't connect to remote PG database. Running locally I get the OP's error; running with |
Workaround for cloudflare/workers-sdk#3264
Question... are you using wrangler from nixpkgs, or wrangler from I'm using NixOS as well, but my I'm hitting this error as well. However also setting That implies that my current wrangler ( Either wrangler should default 74c8b85 but it also makes sense that in NixOS, it should refer to the OS certs. |
|
Anyone having this issue on NixOS, use export SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crtas suggested here https://github.com/scottwillmoore/cloudflare-workers-with-nix?tab=readme-ov-file Or add this to your home-manager config {
home.sessionVariables = {
SSL_CERT_FILE="/etc/ssl/certs/ca-certificates.crt";
};
} |
Which Cloudflare product(s) does this pertain to?
Wrangler
What version of
Wranglerare you using?3.0.0
What operating system are you using?
Windows 10
Describe the Bug
After updating to the latest version, fetch API calls started to fail in
wrangler dev. Fails on any website, even the mighty google.comRolled back to v2.19.0 - everything works fine again.
A bit more of the context: I'm using fetch to call WIX'es REST API, via https, as expected. The 3.0 version seems much faster, so I assume that some serious changes were applied under the hood. Sometimes I can see mention of WSA in this error messages, and WSA is a part of Windows networking APIs, somewhat suspicions to me to see it here.
Well, I haven't rebooted my system after updating, we're not in 1999, shouldn't be the cause of the problem, huh 😁
Screenshot:
The text was updated successfully, but these errors were encountered: