Overview
- Release Notes and Announcements
- Product Introduction
- Purchase Guide
- Billing Overview
- Basic Service Fees
- Value-added Service Fees
- Related Tencent Cloud Services
- Extra Package Description (Prepaid)
- Subscriptions
- Renewals
- Overdue and Expiration Policies
- Refund Policy
- Usage Cap Policy
- EdgeOne Plan Upgrade Guide
- Comparison of EdgeOne Plans
- Billing Usage
- About "clean traffic" billing instructions
- Getting Started
- Domain Service
- Hosting DNS Records
- Domain Connection
- HTTPS Certificate
- Domain alias
- Traffic Scheduling
- Site Acceleration
- Overview
- Access Control
- Smart Acceleration
- Cache Configuration
- Overview
- EdgeOne Cache Rules
- Cache Configuration
- Clear and Preheat Cach
- How to improve the Cache Hit Rate of EdgeOne
- File Optimization
- Media processing
- Network Optimization
- HTTP/2
- HTTP/3(QUIC)
- Overview
- Enable HTTP/3
- QUIC SDK
- SDK Overview
- SDK Download and Integration
- Sample Code
- API Documentation
- IPv6 Access
- Maximum Upload Size
- WebSocket
- Client IP Geolocation Header
- Client IP Geographical Location
- gRPC
- URL Rewrite
- Modifying Header
- Custom Error Page
- Request and Response Actions
- Origin Configuration
- Load Balancing
- Origin Group Configuration
- Origin-pull configuration
- Related References
- Collect EdgeOne origin-pull node IP
- Edge Functions
- Overview
- Getting Started
- Operation Guide
- Runtime APIs
- Sample Functions
- Returning an HTML Page
- Returning a JSON Object
- Fetch Remote Resources
- Authenticating a Request Header
- Modifying a Response Header
- Performing an A/B Test
- Setting Cookies
- Performing Redirect Based on the Request Location
- Using the Cache API
- Caching POST Requests
- Responding in Streaming Mode
- Merging Resources and Responding in Streaming Mode
- Protecting Data from Tampering
- Rewriting a m3u8 File and Configuring Authentication
- Adaptive Image Resize
- Image Adaptive WebP
- Customize Referer restriction rules
- Remote Authentication
- HMAC Digital Signature
- Naming a Downloaded File
- Obtaining Client IP Address
- Best Practices
- Security Protection
- Overview
- DDoS Protection
- DDoS Protection Overview
- Exclusive DDoS Protection Usage
- Configuration of Exclusive DDoS protection Rules
- Web Protection
- Bot Management
- Rules Template
- IP and IP Segment Grouping
- Origin Protection
- Custom Response Page
- Alarm Notification
- Rule Engine
- L4 Proxy
- Data Analysis&Log Service
- Log Service
- Overview
- Real-time Logs
- Offline Logs
- Related References
- Data Analysis
- Analytics
- Tool Guide
- Practical Tutorial
- API Documentation
- History
- Introduction
- API Category
- Making API Requests
- Site APIs
- Acceleration Domain Management APIs
- Site Acceleration Configuration APIs
- Alias Domain APIs
- Security Configuration APIs
- Layer 4 Application Proxy APIs
- CreateL4Proxy
- ModifyL4Proxy
- ModifyL4ProxyStatus
- DescribeL4Proxy
- DeleteL4Proxy
- CreateL4ProxyRules
- ModifyL4ProxyRules
- ModifyL4ProxyRulesStatus
- DescribeL4ProxyRules
- DeleteL4ProxyRules
- CreateApplicationProxy
- ModifyApplicationProxy
- ModifyApplicationProxyStatus
- DescribeApplicationProxies
- DeleteApplicationProxy
- CreateApplicationProxyRule
- ModifyApplicationProxyRule
- ModifyApplicationProxyRuleStatus
- DeleteApplicationProxyRule
- Content Management APIs
- Data Analysis APIs
- Log Service APIs
- Billing APIs
- Certificate APIs
- Load Balancing APIs
- Custom Response Page APIs
- Diagnostic Tool APIs
- Version Management APIs
- Data Types
- Error Codes
- FAQs
- Agreements
- TEO Policy
- Contact Us
- Glossary
Menu
Authenticating a Request Header
This example demonstrates how to use an edge function to perform simple permission control by verifying the value of the
x-custom-token
request header. If the value is token-123456, access is allowed. Otherwise, access is denied.Sample Code
async function handleRequest(request) {const token = request.headers.get('x-custom-token');if (token === 'token-123456') {return new Response('hello world');}// Incorrect key supplied. Reject the request.return new Response('Sorry, you have supplied an invalid token.', {status: 403,});}addEventListener('fetch', event => {event.respondWith(handleRequest(event.request));});
Sample Preview
In the address bar of the browser, enter a URL that matches a trigger rule of the edge function to preview the effect of the sample code.
If authentication fails, access is denied.
![](https://cloudcache.intl.tencent-cloud.com/cms/backend-cms/e27602b5bb3311eeb395525400461a83.png)
If authentication is successful, access is allowed.
![](https://cloudcache.intl.tencent-cloud.com/cms/backend-cms/e2ed48c5bb3311eea201525400170219.png)