Version: 3.28.0

enforceExplicitBackends

Call this function to enforce the security property of explicitly-defined backends, even when dynamic backends are enabled at the Fastly service level.

By default, if dynamic backends are supported for the Fastly service, they are used automatically when creating a new fetch() request. This default behaviour can be a security concern, since third-party JavaScript code may send arbitrary requests, including sensitive/secret data, to destinations that the JavaScript project did not intend.

When calling this function, an optional default backend name can be provided.

Note: This option is separate from the service-level dynamic backend support for Fastly services, which is disabled by default.

The enforceExplicitBackends() function is used to control whether or not Dynamic Backends should be allowed within this Fastly Compute Service.

By default, Dynamic Backends are enabled, but they can be a security concern, since third-party JavaScript code may send arbitrary requests, potentially including sensitive/secret data, to destinations that the JavaScript project did not intend.

Using allowDynamicBackends(false), this security property can be restored so that only explicit backend definitions are used.

Note: Dynamic Backends are disabled by default for Fastly Services. Please contact Fastly Support to request the feature be enabled or disabled on Fastly Services.

Syntax

enforceExplicitBackends(defaultBackend?)

Parameters

  • defaultBackend : string optional
    • An optional default backend string name to use in fetch() requests.

Return value

undefined.
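
One way to apply this in a service, as an added example that is not from the Fastly documentation: call enforceExplicitBackends() once at startup, then send first-party requests through a wrapper that always names the backend. The backend names, hosts and helper functions (installBackendPolicy, resolveBackend, guardedFetch) are hypothetical, and the SDK function is injected so the policy can also be exercised outside Compute.

```javascript
// Added example, not Fastly's code. In a Compute service the SDK function comes from:
//   import { enforceExplicitBackends } from "fastly:backend";
// Hosts and backend names are constructed; they must match backends that are
// explicitly defined on your own service.
const BACKENDS_BY_HOST = new Map([
  ["api.example.com", "origin_api"],
  ["auth.example.com", "origin_auth"],
]);
const DEFAULT_BACKEND = "origin_api";

// Call once at startup, before any third-party module gets a chance to fetch().
// `sdk` is any object exposing enforceExplicitBackends (assumption for testing).
function installBackendPolicy(sdk) {
  sdk.enforceExplicitBackends(DEFAULT_BACKEND);
}

// Map a destination URL to a named backend, or refuse it outright.
function resolveBackend(rawUrl) {
  const url = new URL(rawUrl); // the URL parser lowercases the hostname
  if (url.protocol !== "https:") {
    throw new Error(`refusing non-HTTPS destination: ${url.protocol}`);
  }
  const backend = BACKENDS_BY_HOST.get(url.hostname);
  if (backend === undefined) {
    throw new Error(`no explicit backend for host ${url.hostname}`);
  }
  return backend;
}

// Wrapper for first-party code. The resolved backend is spread last, so a
// caller-supplied `backend` in `init` cannot override the allowlist.
function guardedFetch(fetchImpl, rawUrl, init = {}) {
  const backend = resolveBackend(rawUrl);
  return fetchImpl(rawUrl, { ...init, backend });
}

// Wiring inside Compute (shown as a comment because it needs the runtime):
//   installBackendPolicy({ enforceExplicitBackends });
//   const res = await guardedFetch(fetch, "https://api.example.com/v1/items");
```
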