Skip to content

feat: Shielding support #1241

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
TartanLlama merged 13 commits into from
Dec 10, 2025
Merged

feat: Shielding support #1241

TartanLlama merged 13 commits into from
Dec 10, 2025

Conversation

@TartanLlama
Copy link
Contributor

@TartanLlama TartanLlama commented Dec 2, 2025
edited
Loading

Adds support for shielding. Example:

/// <reference types="@fastly/js-compute" />
    
import { Shield } from "fastly:shielding";

async function app(event) {
    const shield = new Shield('wsi-australia-au');
    // If running on the shield POP, fetch from the origin directly
    if (shield.runningOn()) {
        return await fetch('https://http-me.fastly.com/anything', { backend: 'httpme' });
    }
    // Otherwise, route the request through the shield using an encrypted connection
    return await fetch(event.request, { backend: shield.encryptedBackend() });
}

addEventListener("fetch", (event) => event.respondWith(app(event)))

There is no automated test, as there's additional complexity in ensuring that the shield POP has also gone up in time for the test to run. We could potentially add one that continually sends a request to the shield until it responds, but for now I've just tested this manually, which is also what, e.g. the Go SDK does.

@TartanLlama TartanLlama changed the title Shielding support feat: Shielding support Dec 2, 2025
@TartanLlama TartanLlama requested a review from zkat December 2, 2025 15:51
zkat
zkat reviewed Dec 10, 2025
View reviewed changes
runtime/fastly/builtins/shielding.cpp
if (status == 0) {
out_buf.resize(used_amount);
break;
} else if (status == FASTLY_HOST_ERROR_BUFFER_LEN) {
Copy link
Contributor

@zkat zkat Dec 10, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

doesn't FASTLY_HOST_ERROR_BUFFER_LEN usually set buf_size to the expected buf_size, so you don't have to keep retrying like this?

Copy link
Contributor Author

@TartanLlama TartanLlama Dec 10, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Usually, yes, not in the case of this host call it seems. I'm following the Rust SDK behaviour fwiw

Copy link
Contributor Author

@TartanLlama TartanLlama Dec 10, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

https://github.com/fastly/fst-compute-sdk-rs/blob/fe621bae505f843d55fa99afae186f453c847aee/fastly/src/shielding.rs#L127

Copy link
Contributor

@zkat zkat Dec 10, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

apparently it doesn't. Absolutely rude.

@TartanLlama TartanLlama merged commit 985c55e into main Dec 10, 2025
28 of 29 checks passed
@TartanLlama TartanLlama deleted the sy/shielding branch December 10, 2025 17:54
This was referenced Dec 10, 2025
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@zkat zkat zkat approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@TartanLlama @zkat