| ▲ | crabmusket 6 hours ago |
| Looking at the docs for their JS SDK, they have this warning: |
| > The client provider requires an API token to fetch flag values. This token is not scoped to a single app, so anyone with the token can evaluate flags across all apps in your account. Use the client provider with caution in public-facing applications. |
| https://developers.cloudflare.com/flagship/sdk/client-provid... |
| Can anyone clarify... why the client SDK, designed to be deployed to browsers, requires caution? Does this mean that any client could send requests with a new targetingKey and observe other users' flags? While flags probably shouldn't be critical information, this seems like an interesting design choice. |
|
| ▲ | OptionOfT 6 hours ago | parent | next [-] |
| Let's think about it. This is probably something used internally at Cloudflare and someone thought it'd be interesting to make it public. There is no way 6 months ago someone at Cloudflare thought it was a good idea to build a competitor to, say, LaunchDarkly. |
| |
| ▲ | jasonjmcghee 5 hours ago | parent | next [-] | | Hmm not sure I necessarily agree. Cloudflare's strategy has been looking like "the only platform you need" for a while now. Their recent features / announcements have been equivalent to: (LaunchDarkly) Resend, Firecrawl, CrewAI, Helicone, Replicate, Pinecone - Which like… many companies have a painful procurement process. If all you need is Cloudflare, and prices are within reason - why not use them | | | |
| ▲ | bg24 5 hours ago | parent | prev | next [-] | | Both Cloudflare and Vercel have feature parity. Flags is a feature already in Vercel. While customer-first is a thing, it is also a no-brainer to start with: we use it, Vercel has it, let us build it. | | | |
| ▲ | roerohan 3 hours ago | parent | prev | next [-] | | https://blog.cloudflare.com/flagship Here's why we built it! | | |
| ▲ | Hamuko 3 hours ago | parent | next [-] | | >Agentic coding tools like OpenCode and Claude Code are shipping entire features in minutes. How many minutes do I need to wait until app-scoped tokens are live? | |
| ▲ | 3 hours ago | parent | prev [-] | | [deleted] |
| |
| ▲ | wahnfrieden 6 hours ago | parent | prev [-] | | Care to share why? |
|
|
| ▲ | jjcm 4 hours ago | parent | prev | next [-] |
| Jane Wong salivating reading this |
|
| ▲ | roerohan 3 hours ago | parent | prev [-] |
| Hi! One of the engineers from the Flagship team here, app-scoped tokens are WIP. |
| |
| ▲ | stingraycharles 3 hours ago | parent | next [-] | | That sounds like the product is not finished and should not be released? | | |
| ▲ | nine_k 44 minutes ago | parent | next [-] | | "If you are not ashamed by what you are shipping, you are not shipping early enough" (Quoting from memory) | | |
| ▲ | crabmusket 7 minutes ago | parent [-] | | That's a terrible attitude for an infrastructure company. This is what private betas / close iteration with customers is for. |
| |
| ▲ | ai_fry_ur_brain 3 hours ago | parent | prev [-] | | This has been the Cloudflare standard operating procedure for the last year or so. Non stop shipping alpha/beta products. | | |
| ▲ | rustystump an hour ago | parent [-] | | Otherwise known as vibe code snacking. Vibe out the easy 80% and say the hard 20% is “coming soon tm” |
|
| |
| ▲ | yuretz 3 hours ago | parent | prev | next [-] | | Is it perhaps available behind a flag somewhere? | |
| ▲ | Craighead 3 hours ago | parent | prev [-] | | Then it's not finished? |
|