Cloudflare Flagship

Looking at the docs for their JS SDK, they have this warning:

> The client provider requires an API token to fetch flag values. This token is not scoped to a single app, so anyone with the token can evaluate flags across all apps in your account. Use the client provider with caution in public-facing applications.

https://developers.cloudflare.com/flagship/sdk/client-provid...

Can anyone clarify... why the client SDK, designed to be deployed to browsers, requires caution? Does this mean that any client could send requests with a new targetingKey and observe other users' flags?

While flags probably shouldn't be critical information, this seems like an interesting design choice.

This is nice, but I’m still waiting for this to be delivered (which ironically is probably using Flagship):

https://blog.cloudflare.com/enterprise-grade-features-for-al...

—-

I don’t believe a single enterprise only feature has made its way to lower tier (paid) account yet.

I’m most interested in:

https://developers.cloudflare.com/speed/optimization/content...

A bit tangent but related: These things I'm never sure if I should be shipping on day one with mobile apps (Flutter in particular): Flagships, bug gathering, A/B testing ?

I feel strong inclination too but its also way too early before any real users can prove PMF. I've been using Google stuff but wonder if Flagship and perhaps other Cloudflare offerings can help.

The other side is that again it feels too early for this stuff and I just want to ship something quickly.

The work ivnvolved

Cloudflare are winning these days, they’re just lacking good fine grained permissions. You still have to make an entirely separate account for prod, which messes up SSO since one domain can only be bound to one account.

OpenFeature was new to me, neat! Anyone have experience integrating this? https://openfeature.dev

Missing gradual rollout of feature flag changes themselves. Yes, you can do percentage based rollouts for individual features but still should have ability to canary all changes before they cause an insta-sev.

More of this please: essential tools for building modern software must be oss; Im fine with paying for a hosted version but just the benefit of learning one tool and being able to use it everywhere (linux, k8s, python etc) is amazing.

a flagship with no pirates, all fired due to ai.

Worth noticing a Vercel equivalent: https://github.com/vercel/flags

Has anyone struggled to run their own feature flagging service? After root causing slow app starts to be caused by the equivalent offering from Firebase, I've been cautious to use any off the shelf solutions

If anyone is interested, you can implement something like that with a few lines of code on the front end. We expose a function that generates a uniformly-distributed hash that you can use for A/B testing and other uses:

  Q.Data.variant()

And on the back end, you'd use it like this:

https://github.com/Qbix/Platform/blob/main/platform/classes/...

Essentially, this can support a huge number of "variants" and within each variant you can have N equal segments. That will help you do A/B testing and flipping features on or off.

[dead]