When using Cloudflare Workers, there are situations where you might want to quickly set them up as lightweight APIs for workflow triggers. Especially during development or testing, you may want to restrict API execution to your local machine only.

The following code snippet allows you to check whether the request is coming from localhost (localhost or 127.0.0.1) and block access from any other hosts:

// Get the hostname from the request URL
const url = new URL(request.url);
const hostname = url.hostname;
// Local environment check (only allow localhost or 127.0.0.1)
if (hostname !== 'localhost' && hostname !== '127.0.0.1') {
    return new Response('Bad Request', {
        status: 400,
        headers: { 'content-type': 'text/plain;charset=UTF-8' },
    });
}

This code can be used within your Cloudflare Workers handler. It parses the request URL and responds with a 400 Bad Request status if the hostname is not localhost or 127.0.0.1.

This check allows you to safely test and debug your workflows during development while preventing unauthorized access when deployed to production.