frontpage.
newsnewestaskshowjobs

Open Source @Github

fp.

Open in hackernews

Cloudflare Drop

https://www.cloudflare.com/drop/
93•coloneltcb•2h ago

Comments

ChrisArchitect•2h ago
> No account needed. Deployment is active for 60 minutes, then expires unless you claim it.

(https://x.com/BraydenWilmoth/status/2074894829616509358)

simonw•1h ago
Same deal as their Cloudflare Workers previews from a few weeks ago: https://blog.cloudflare.com/temporary-accounts/
Bender•2h ago
There must be some really good protection on this. If I enabled such a thing on any of my servers it would be full of warez, porn, malware, CSAM and who knows what else within minutes. Curious how they manage to keep it clean.
DakotaR•1h ago
Yeah, I was going to start a file drop site like 0x until realizing what it'd be used for
mattlondon•1h ago
Only live for an hour.

But that won't stop people doing bad stuff for an hour I guess. Vibe code up some on-demand thing that you ping...

Y-bar•37m ago
One hour is great for spearphishing attacks, once the victim has been infected their IT department will have no trace of the source.
ChrisArchitect•1h ago
Extension of the temporary accounts they needed to enable for Agents https://blog.cloudflare.com/temporary-accounts/
smalltorch•1h ago
Hmm, that's fun and useful. Here is snake game for 60 minutes.

https://drop-e7e6d363-601.important-seat.workers.dev

copper-float•1h ago
What an honor. I got a high score of seven.
tengbretson•1h ago
Your code appears to have a bug where if the arrow keys trigger a change of direction twice in a single frame interval, it can mistakenly send the snake back on itself.
janandonly•1h ago
Makes sense. It plays nicely with the vibe code kids who don’t know how to do GitHub or don’t know to ask their LLM about it.
_pdp_•1h ago
It is cool to see not sure why you would use it.

Also it seems to me that this is a good way to exfiltrate data, rubber stamped by cloudflare themselves.

gruez•1h ago
Isn't there already thousands of ways for exfiltrating data that must be whitelisted by corporate firewalls? office365/gsuite, for instance. Not to mention the classics like dns.
sgt•1h ago
Tried uploading a ZIP and got:

"Something went wrong An unexpected error occurred. Please try again or contact support."

throwaway81523•1h ago
Wait, my first impression was that it points a local browser to your local browser. Now it looks like it uploads your folder to Cloudflare and temporarily serves it over the web. But is that different from what we used to do with FTP? Are there any databases or anything like basic PHP hosts supply? It's just static sites?

Is this a product or what? What's the purpose? Is there an API?

joenot443•53m ago
A minute ago I had an HTML doc I wanted to share with a PM. It was a Claude prepared demo of a hypothetical feature. Lots of screenshots.

I ended up just embedding them directly in the HTML as base64 and sending him a 15mb file, but hypothetically this would have been a nice solution instead.

throwaway81523•42m ago
You could just upload to a personal or other website? I sometimes do that. Is there any security or privacy (e.g. password protection) for this Cloudflare Drop site?
pantelisk•38m ago
There are also solutions for sharing your homelab with others (basically tunneling from your machine->server (internet accessible) <-> client. Though, if your machine would go to sleep that whole chain would fall apart. A few good automatic solutions out there that solve the problem (no "just replace dropbox with ftp" type of argument).

However, I see the appeal of this. Kind of surprised it hasn't happened yet to be honest.

qingcharles•37m ago
Absolutely agree. There's an insane "feature" of Claude Design which means you can only share the link to the design with other users on your account?! You can export the design, though, but then you need somewhere to quickly drop a bunch of HTML + assets. This would be perfect for that.
andrethegiant•1h ago
Netlify made this 10 years ago... they even copied the name! https://app.netlify.com/drop
brightball•1h ago
There are numerous products like this out there. Isn’t that where Dropbox got its name in the first place?
latchkey•14m ago
Don't forget Digital Ocean Droplets.
tech234a•52m ago
And BitBalloon before that (which Netlify acquired) http://web.archive.org/web/20131028083240/https://www.bitbal...
dmillar•36m ago
Low barrier services don't care who's first in this epoch.
Cider9986•1h ago
>Something went wrong An unexpected error occurred. Please try again or contact support.

I have a few qualms with this app.

collabs•1h ago
Congratulations on launching!

I tried uploading a git repository that I have previously successfully published on Github pages. This is a "no build" website I have built with the help of Claude. It should just work but I keep getting an error. Who can I reach out to give them steps to reproduce? The website repository is public and I feel like anyone at Cloudflare who wants to reproduce my problem can quite literally clone my repo and upload it to cloudflare drop.

Please drop your cloudflare email address and I will reach out to you with my repository information.

turtlebits•50m ago
Or you could do some of your own troubleshooting? Uploading a git repo is different than uploading a zipped/folder, especially if your index.htm/l isn't at the root.
altairprime•59m ago
Hah! This is exactly how I’m serving the vestigial remnant of my blogging in the early 2000s from a ZIP-backed Cloudflare Worker today. Should I rebuild my site with Drop+Claim or is it fine as-is? I kind of feel like ‘if what I have works, don’t change it’ is the best path.
heipei•53m ago
Cloudflare is really good at launching features that facility low-friction deployment of malicious content (such as phishing) on the Internet, piggybacking on their hosting reputation and the fact that you can't easily block their ASN or domains.
Waterluvian•43m ago
Be the change you want to see to make the world of your dreams.

And then sell its denizens malice protection services.

simultsop•30m ago
I don't know your experience. Once I was toying around and doing a basic auth with registration and so. The weekend was over and couldn't get back to that couple of months. The worker was quarantined and marked as phishing automatically. So I believe they have something in place to prevent those you complain.
jszymborski•14m ago
Your anecdote just illustrates that their system detects legit uses as abuses, not that they have a system that effectively detects abuses.
system2•53m ago
It would be nice if we could see some information such as file size limitations, demos, link structure, management, etc. Am I expected to upload a random HTML file and see how it works?
Fergusonb•12m ago
Yep, I chucked it a file on my desktop: index.html present Max individual file size 25MB Total file count <2000 Total size less than 100MB
petee•6m ago
[delayed]
ricardobeat•36m ago
I remember doing this in 2006. FTP. Good times.
sleepynoodle•32m ago
This is so cool.
S0y•31m ago
Cloudflare has the astonishing ability to make me hate them more as a company every new feature they launch.
vevoe•29m ago
why?
S0y•26m ago
Every new feature they've launched recently can be used to make the web more dangerous for everyone except those who use Cloudflare.
denismenace•24m ago
How would this make the web more dangerous? Its just static file hosting. Already wildly available!
latchkey•13m ago
phishing
TZubiri•13m ago
The argument would be that they sell the kevlar and the guns

Kevlar:

https://developers.cloudflare.com/bots/ https://www.cloudflare.com/products/turnstile/

Guns:

https://support.cloudflarewarp.com/

To be fair, CF mainly develops defensive cybersecurity products, the extent to which their tools might be used maliciously is pretty on par with other regular tools.

But, it just has bad optics and potential COI/Racketeering when CF is at both sides of the counter.

To be explicit, in case it isn't obvious,Cloudflare emerged as a DDoS protection company, detecting attacks from distributed sources is part of the raison d'etre, and domains and IP addresses are a key part of that infrastructure.

By subletting their own IP addresses for navigation with warp, and their own domains for hosting of webcontent with subdomain hosting, they are providing pooled anonimity for their customers, which is precisely what makes it very hard for defenders on the other side to implement foundational security measures like IP bans, or IP block bans, or domain bans, or Whois/RDAP domain analysis.

toomuchtodo•29m ago
Cloudflare folks: Please consider supporting WARC archives for deployment.
jonluca•24m ago
Wow the people in this thread are a huge bummer. This is much cooler and I doubt this is a real safety issue. You can already sign up for a free cloudflare account and deploy it for free, on your own, on a free workers.dev domain. The friction removal here isn't going to meaningfully change the security / amount of malicious content.
djfobbz•23m ago
Yet I can't drag and drop a plain old HTML file without putting it in a folder or a ZIP file first.
rickcarlino•23m ago
Desktop operating systems should be able to run zipped web apps the way Electron apps run today. It ought to just be part of the OS.
TZubiri•5m ago
And if there's a form or something with a backend? Just break?
nalekberov•19m ago
The internet will soon be flooded with even more scam landing pages.
BoppreH•14m ago
Dropped a folder with a small HTML project, and after 20 seconds got "Something went wrong. An unexpected error occurred. Please try again or contact support.".

Note how the error has zero information.

Looking at the network requests, a POST request to /upload returned 403 and an HTML page starting with "Sorry, you have been blocked", and to "email the site owner to let them know you were blocked". Happens even with adblocker and cookie extensions disabled, and I don't usually have problems with Cloudflare sites. Firefox on linux.

I'm very tired of this adversarial approach to software and vague errors.

EDIT: it was the 'fsmonitor-watchman.sample' default hook in the .git folder. "Please try again" and "you've been blocked" for committing the sin of uploading a folder that's a git repository. Sigh...

efields•32m ago
I built a tool _just the other day_ for this exact purpose. Now my agents proactively make disposable links for me: https://jlnk.us
dmillar•27m ago
Replit is used a lot in this context. Their agent is good, but their circumvent-policies-to-get-something-in-front-of-execs-quickly is an amazing and mis-priced feature.
vulture916•16m ago
Check out Tailscale - they have TUNS + share the source files with someone else in tailnet.

OpenAI no longer recommends SWE-Bench Pro

https://openai.com/index/separating-signal-from-noise-coding-evaluations/
37•sk4rekr0w•26m ago•7 comments

Chatto is now Open Source

https://www.hmans.dev/blog/chatto-is-open-source
556•speckx•6h ago•154 comments

Fable is not a useful model

https://combine-lab.github.io/blog/2026/07/07/fable-is-not-a-useful-model.html
114•karrot-kake•48m ago•92 comments

SWE-1.7 Reach Near GPT 5.5 and Opus Intelligence

https://cognition.com/blog/swe-1-7
212•mekpro•5h ago•116 comments

Cloudflare Drop

https://www.cloudflare.com/drop/
95•coloneltcb•2h ago•54 comments

Mistral's Robostral Navigate: a state of the art robotics navigation model

https://mistral.ai/news/robostral-navigate/
358•ottomengis•7h ago•85 comments

Decoding the obfuscated bash script on a Uniqlo t-shirt

https://tris.sherliker.net/blog/obfuscated-self-evaluating-bash-script-by-cdn-akamai-being-suppli...
1200•speerer•12h ago•193 comments

Show HN: Microsoft releases Flint, a visualization language for AI agents

https://microsoft.github.io/flint-chart/#/
116•chenglong-hn•3h ago•49 comments

FAANG Simulator

https://www.abeyk.com/escape-the-rat-race/
42•nerdbiscuits•1h ago•12 comments

GPT‑Live

https://openai.com/index/introducing-gpt-live/
504•logickkk1•4h ago•344 comments

A bug which affected only left handed users

https://shkspr.mobi/blog/2026/07/a-bug-which-only-affected-left-handed-users/
47•sixhobbits•8h ago•20 comments

OpenMandriva: Statement regarding attempted distribution sabotage

https://forum.openmandriva.org/t/statement-regarding-attempted-distribution-sabotage/8997
45•workethics•3h ago•8 comments

Cloudflare Meerkat - Globally distributed consensus

https://blog.cloudflare.com/meerkat-introduction/
186•bobnamob•8h ago•39 comments

Show HN: Onboard-CLI, a LLM powered and AST-based tool to visualize codebase

https://github.com/animesh-94/Onboard-CLI
8•yr_animesh•1h ago•2 comments

I Built a Telegram Client for Pi

https://www.npmjs.com/package/@atharva-again/pi-tg
29•atharva-again•2d ago•17 comments

EU now one step away from reviving private message scanning rules

https://cyberinsider.com/eu-now-one-step-away-from-reviving-private-message-scanning-rules/
271•ggirelli•4h ago•119 comments

DKIM2 and DMARCbis Have Landed

https://stalw.art/blog/dkim2-dmarcbis/
5•StalwartLabs•2d ago•1 comments

OpenBSD has a use-after-free allowing local privilege escalation to root

https://nvd.nist.gov/vuln/detail/cve-2026-57589
224•linggen•8h ago•104 comments

Turning a pile of documents into a searchable useable knowledge base

https://github.com/linuxrebel/DocuBrowser
9•linuxrebe1•52m ago•1 comments

Understanding B-Tree Indexes in PostgreSQL: A Comprehensive Guide– Part 1

https://medium.com/@devli0/b-tree-indexes-in-postgresql-part-1-theory-eb2668c52520
28•corvus-cornix•3d ago•1 comments

GitLost: We Tricked GitHub's AI Agent into Leaking Private Repos

https://noma.security/blog/gitlost-how-we-tricked-githubs-ai-agent-into-leaking-private-repos/
486•ColinEberhardt•16h ago•185 comments

Show HN: Agent Draw: An agent draws while you talk, built on TLDraw

https://techstackups.com/articles/tldraw-agent-draw/
21•jameswhitford•2d ago•2 comments

TypeScript 7

https://devblogs.microsoft.com/typescript/announcing-typescript-7-0/
350•DanRosenwasser•5h ago•129 comments

Show HN: Hnwork.app – UI for Who is hiring posts

https://hnwork.app/
11•scottilee•1h ago•4 comments

Agentic test processes, LLM benchmarks, and other notes on agentic coding fr

https://danluu.com/ai-coding/#llm-variance
6•lifeisstillgood•1h ago•1 comments

Show HN: Follow London Trains in 3D

https://ride.nexttrain.london/
116•mgranados•4d ago•52 comments

EVE Online's Carbon engine is now open source: Fenris Creations explains why

https://www.gamesindustry.biz/eve-onlines-carbon-engine-is-now-open-source-fenris-creations-expla...
357•Stevvo•4d ago•121 comments

PlayStation can delete all your digital games after 3 years of inactivity (EU)

https://www.flatpanelshd.com/news.php?subaction=showfull&id=1783340582
166•thewebguyd•3h ago•75 comments

TabFont – guitar tabs rendered as you type

https://philatype.com/tabfont/
68•ChrisArchitect•3d ago•21 comments

What Do We Know About the Microplastics Inside Us?

https://e360.yale.edu/features/cassandra-rauert-interview
152•speckx•3h ago•79 comments