Does nobody read the fineprint?<p>By submitting, posting, or publishing your content, suggestions, enhancement requests, recommendations, feedback, information, data, or comments (“Content”) to any Website or Online Service, you are granting Cloudflare a perpetual, irrevocable, worldwide, non-exclusive, royalty-free right and license (with the right to sublicense) to use, incorporate, exploit, display, perform, reproduce, distribute, and prepare derivative works of your Content.<p>If you're ok with that, fine.
But I'm not.
I'm always really doubtful this is applicable in the end, especially in the EU. You can't give up all your copyright like this
If you don’t give them a license to display the works you give them to display, how can they legally display it?
Perhaps the same way that Github works when you host your web page there. I.e. A revocable, limited license, where you retain full ownership, and only grant them permission to host and serve your content + a limited set of other uses, and you dictate external licensing?
It states more than just display: 'to use, incorporate, exploit, display, perform, reproduce, distribute, and prepare derivative works'
Can this be a necessary legal framing for technical purposes, to allow converting of pictures to different resolutions, or adapt the content to mobile views, and such things?
Perpetual and irrevocable? And with the right to modify, not just display?<p>You do not need all that.
Perpetual and irrevocable? Derivative works?
You beat me to it, I was going to post the same.<p>Clear red flag, only useful for whistleblowers.
People are losing the ability to read. Lots of high schoolers are incapable of reading properly already. Attention spans shrink. We got some fun times ahead of us.<p>We need these legal texts as short form TikTok content I am afraid.
I have plenty of ability to read, but I never read these T&Cs because they’re usually dozens of pages long and life’s too short (or, if you prefer, the cost/benefit doesn’t support it). For consumers in Europe, at least, it’s usually safe to assume that anything too shitty is unenforceable, which helps.
Here's Cloudflare's T&C in comic form, for those with short attention spans.<p><a href="https://nedroidcomics.tumblr.com/post/41879001445/the-internet" rel="nofollow">https://nedroidcomics.tumblr.com/post/41879001445/the-intern...</a>
Thank you for highlighting this :)
Wow the people in this thread are a huge bummer. This is much cooler and I doubt this is a real safety issue. You can already sign up for a free cloudflare account and deploy it for free, on your own, on a free workers.dev domain. The friction removal here isn't going to meaningfully change the security / amount of malicious content.
Well according to the people in this thread it was previously impossible for bad actors to host a website, and CloudFlare has now given them this unique ability.
[dead]
Why would Cloudflare do that? They shouldn't help bad actors.
I really hope/imagine this project specifically has a LLM of some kind doing real-time analysis on the uploaded files for malware from the get-go. How good that is could be is anyone's guess (and chances are there would be blind spots / evasion techniques).
When you see a group of people being critical, you can either see it as a “bummer”, or you can see it as people critically thinking about a thing.<p>Is it really more useful to have everyone expressing how much they like something instead of identifying problems?<p>Is seeing people talking about the things they don’t like something that makes you unhappy? Why?
I think the HN rule for "curmudgeonly" applies.<p>> Don't be curmudgeonly. Thoughtful criticism is fine, but please don't be rigidly or generically negative.<p><a href="https://news.ycombinator.com/newsguidelines.html">https://news.ycombinator.com/newsguidelines.html</a><p>I think HN should be a place where I am excited to see what others have to add. When I see a post I am excited to see what takes and spins others have on it. I do want real criticism and a lively debate about important things, but there has to be a balance.<p>I want to see other comments that seem like they genuinely want to help steer something or build people up. Sometimes I get the impression that's not happening on HN.
The problem is that everything is negative, all the time. Nothing good is allowed to be acknowledged. Everything someone or some company does must not be acknowledged to have any redeeming value- it’s all just negative<p>Which is sad, because so much amazing stuff is happening on the world right now, and seems to be only accelerating. For everybody.
Amazing stuff? You mean technical stuff right? Because politically, demographically and climate wise we're headed for disaster or at least dystopia.<p>I wished I could find all the science and technology as uplifting as my friends do.
> Nothing good is allowed to be acknowledged.<p>What makes you say this?
Maybe AI slop has something to do with it?
It may not be critical thinking though, but simply being contrarian, which is one of the easiest ways to sound smart without necessarily providing much of value or substance. And strangely, seeing as it’s relatively rare IRL, seemingly the default on the internet. Blindly praising isn’t worth much either, but I doubt that’s what jonluca is encouraging. It’s possible to “yes, and” without resorting to either sycophancy or relentless negatively.
> Is seeing people talking about the things they don’t like something that makes you unhappy? Why?<p>Probably (I'm just assuming) because that person observes negative/cautious/"I don't like this because X and Y and also Z"/etc sentiment too much and feels like people are only quick to notice issues while forgetting about good sides.<p>It's only an assumption, though.
You're encountering the "contrarian dynamic" which dang described in this post (which also explains why your own anti-contrarian comment reached the top) <a href="https://news.ycombinator.com/item?id=24215601">https://news.ycombinator.com/item?id=24215601</a>
Agreed I think this is pretty solid especially since you get all the Cloudflare benefits like CDN from the get-go.
But why need they so much license rights?<p><a href="https://news.ycombinator.com/item?id=48841559">https://news.ycombinator.com/item?id=48841559</a>
hn has turned into a reddit hate fest. It's getting hard to read non stop negativity and hate. I'm happy to see your positive comment.
Agreed. This is the same crowd that is mad about free tiers going away on other dev-friendly hosting services…
You must be new here :)
wait till anyone remotely mentions apple or apple products. the neckbeards on their thinkpads will come in droves to shit on cupertino's best.
It's not Apple in general. If they release a new Mac Mini, it's fine. The thread when the Neo was released, was outright jubilant. It's whenever macOS is mentioned, it devolves in extreme negativity. I always, always avoid those.
Brother it’s always been like this. Just check n-gate.com (tragic loss btw, rip)
Hi! I have been following n-gate.com a small bit over the years, because I found it very interesting and it was a rabbit hole I wanted to go down.<p>I actually setup "xor-gate" for a while, which was trying to be a similar thing co-authored by a friend, but it was too time consuming and we gave up.<p>Did the author pass? I'm not trying to be crass, but I don't know the details.
I think they are all bots or threatened to see their little hobby now being accessible, classic gatekeeping.
Corporations acting as if naive is a bit of problem in reality. For one thing, CF is probably the largest entity serving pirated content internationally while hiding the identities of actual perpetrators for <i>privacy</i>.<p>Same here: CF is basically giving malicious actors an ability to ship contents/data publicly while laundering the legal responsibility of those actors.<p>Now tell me what is cool
> For one thing, CF is probably the largest entity serving pirated content internationally while hiding the identities of actual perpetrators for privacy.<p>That's awesome, glad to hear it
> Now tell me what is cool<p>Not immediately being a copyright bootlicker.<p>The fact that you went straight to "BuT pIrAtEs" already shows who you actually care: Corpos, not people.
A dirty secret is that piracy is being abused by criminal organizations[1]. When people unknowingly access such sites to see contents for free, it generate ad revenue for those organizations, which can fund other crimes.<p>[1]: <a href="https://www.interpol.int/en/Crimes/Illicit-goods/Projects/Project-I-SOP" rel="nofollow">https://www.interpol.int/en/Crimes/Illicit-goods/Projects/Pr...</a>
>Now tell me what is cool<p>Piracy is cool. Information wants to be free.<p>I hate the corporate bootlicking that is so prevalent here.
Netlify made this 10 years ago... they even copied the name! <a href="https://app.netlify.com/drop" rel="nofollow">https://app.netlify.com/drop</a>
And BitBalloon before that (which Netlify acquired) <a href="http://web.archive.org/web/20131028083240/https://www.bitballoon.com/" rel="nofollow">http://web.archive.org/web/20131028083240/https://www.bitbal...</a>
BitBalloon was the original project from Matt, the founder of Netlify!
Loved this app. What is old is new again.
Isn't this what we used to do with Geocities a quarter century ago? And with most other websites that offered FTP upload? You didn't have to be very technical -- there were windows FTP clients where you could just type in the IP, username, password and see an explorer-like view, onto which you could just drag and drop your HTML and image files.
There are numerous products like this out there. Isn’t that where Dropbox got its name in the first place?
I thought it was a reference to the Mac OS X `~/Public/Drop Box` directory, which was a write-only place for people to send files to your user, which has been around since the first OS X beta came out in 2000.
I vaguely remember being told to put assignments in a drop box (like a mail box on campus) in the mid 2000s at least, and I'm sure it wasn't a new concept then.
Oh dang, you're right. Mac OS X was my first Mac OS, but it looks like the Drop Box concept existed long before OS X. Here's a reference from 1991 titled "AppleShare Drop Box: Access for System 6 and 7 Clients" <a href="https://www.savagetaylor.com/TIL/TIL09033.pdf" rel="nofollow">https://www.savagetaylor.com/TIL/TIL09033.pdf</a>
A term still used on Tahoe. Right click a file in Finder, Get Info. A file permissions option is "Write only (Drop Box)"
A drop box is a real physical thing, where you drop items for other people to collect.
I was always under the impression that that was referencing the notion from spycraft.
Don't forget Digital Ocean Droplets.
FWIW, We called them droplets because drop of water in the (Digital)Ocean.
Or Drop.io which got bought by Meta
Its not exactly a very elaborate name.
Low barrier services don't care who's first in this epoch.
But this time it's with ~blockchain~ AI!
ouch... I get that it's a simple concept but darn it really does seem like ctrl c ctrl v lmao
This is perfect for my Chrome Extension for recording sessions and capturing screenshots, audio narration and videos. The output is a zip file with everything so if user wants to share they can use this<p><a href="https://github.com/mohsen1/session-recorder-chrome-extension" rel="nofollow">https://github.com/mohsen1/session-recorder-chrome-extension</a><p>I built above chrome extension because anything in this area has been trying to monetize the solution. I wanted a free and open source version of this to exist.
They had a short blog post about this:<p><a href="https://developers.cloudflare.com/changelog/post/2026-07-08-cloudflare-drag-and-drop/" rel="nofollow">https://developers.cloudflare.com/changelog/post/2026-07-08-...</a>
There is a reason I had to lock my better version of this (<a href="https://quickish.site" rel="nofollow">https://quickish.site</a>) behind Google OAuth to start. Like it or not, this type of stuff is going to be more popular than it was when Netlify / Heroku was doing it a decade ago.
There must be some really good protection on this. If I enabled such a thing on any of my servers it would be full of warez, porn, malware, CSAM and who knows what else within minutes. Curious how they manage to keep it clean.
The protection is that they're rich enough to handle requests from law enforcement without going to jail themselves. They'll certainly pass your IP address to law enforcement if asked.
Only live for an hour.<p>But that won't stop people doing bad stuff for an hour I guess. Vibe code up some on-demand thing that you ping...
They already allow hosting static websites so I think the same guardrails are implemented.
I've never used CF so I could be ignorant in this matter. I assumed <i>perhaps incorrectly</i> that people had to verify their email address and delegate their domain(s) to CF including setting the glue records in the TLD servers meaning there is <i>possibly</i> a financial trail somewhere <i>probably in the DNS registrars and perhaps a mail provider</i>, whereas this is just drag-and-drop with no money trail.<p>I have no idea what guardrails they have in place in the background that blocks malware, CSAM, warez and such on their free accounts.
Just having an account with an email address is enough.<p>They assign a subdomain automatically for uploads, same as cloudflare workers.<p>I don't know what they do, but implementing guardrails for this is possible nowadays with AI, but maybe they use a "mechanical turk"
If you want your own domain you need to do a bunch of that but you can also host stuff on your own free subdomain of their workers.dev
Yeah, I was going to start a file drop site like 0x until realizing what it'd be used for
At least when it comes to bad types of porn, it's be similar to Imgur allowing anonymous uploads. They already do CSAM scanning on uploads to their R2 storage:<p><a href="https://blog.cloudflare.com/a-simpler-path-to-a-safer-internet-an-update-to-our-csam-scanning-tool/" rel="nofollow">https://blog.cloudflare.com/a-simpler-path-to-a-safer-intern...</a>
I dropped a static html page and all I got was Cloudflares well known 'Performing security verification' (and so did a Google pagespeed check).
Cloudflare is obviously more trustworthy/robust here, but if name of the url matters to you, my site non.io [1] allows for named uploads, ie <a href="https://html.non.io/solara" rel="nofollow">https://html.non.io/solara</a> [2]<p>Somewhat useful if you want a url that isn't a hash / is more self descriptive.<p>[1] Launch discussion: <a href="https://news.ycombinator.com/item?id=36296695">https://news.ycombinator.com/item?id=36296695</a><p>[2] This was a demo of the output of a design tool I'm working on, only the home/accommodations/about pages work.
Reminds me of web development in the 1990s.<p>I honestly miss those days of deployment simplicity.
I co-founded a page builder for WordPress. Myself and my co-founders would joke about the "friends and family" problem. When friends or family asked us to help build their website, we usually pointed them away from our tool+WordPress for something simpler. It's nice to see more options out there that reduce the friction from someone with an idea to something published and sharable.<p>Several weeks ago, I got frustrated hitting the free tier limits on Netlify, and was looking for a self-hosted solution for this problem. I built it using a DO VPS and Caddy in the backend. It's free on Github. I was able to get the whole thing set up in an hour or two with the help of an agent. Feel free to give it a spin.<p><a href="https://github.com/RobbyMcCullough/honeydrop" rel="nofollow">https://github.com/RobbyMcCullough/honeydrop</a>
Hmm, that's fun and useful. Here is snake game for 60 minutes.<p><a href="https://drop-e7e6d363-601.important-seat.workers.dev" rel="nofollow">https://drop-e7e6d363-601.important-seat.workers.dev</a>
Your code appears to have a bug where if the arrow keys trigger a change of direction twice in a single frame interval, it can mistakenly send the snake back on itself.
What an honor. I got a high score of seven.
$ curl -I <a href="https://drop-e7e6d363-601.important-seat.workers.dev/" rel="nofollow">https://drop-e7e6d363-601.important-seat.workers.dev/</a>
curl: (7) Failed to connect to drop-e7e6d363-601.important-seat.workers.dev port 443 after 47 ms: Couldn't connect to server<p>Tried from two hosts, different countries.
It is cool to see not sure why you would use it.<p>Also it seems to me that this is a good way to exfiltrate data, rubber stamped by cloudflare themselves.
Makes sense. It plays nicely with the vibe code kids who don’t know how to do GitHub or don’t know to ask their LLM about it.
I can see this interface is for vibe coders haha<p>I have been hosting static websites with cloudflare for years and finding how to do it on the UI is getting harder as they add more things and reoranize.
Desktop operating systems should be able to run zipped web apps the way Electron apps run today. It ought to just be part of the OS.
Adobe Air, for the obscure nostalgia bomb
Unzip it.<p>Double click the html file.<p>The OS will run the web app using a browser that is just part of the OS.
And if there's a form or something with a backend? Just break?
Cool, it worked!<p><a href="https://drop-1e1a536f-10d.honeysuckle-gull.workers.dev/" rel="nofollow">https://drop-1e1a536f-10d.honeysuckle-gull.workers.dev/</a><p>It's minesweeper, but the logic uses xstate/store. The link in the bottom is broken; it's supposed to go to `building-minesweeper-with-xstate-store.html`<p>I have no need for this but I love that my friends could vibe out a website, drop it here, claim it, and host it for pennies. This is great.<p>"Your site is reachable within ~32ms of 95% of the world’s Internet-connected population" isn't new but it's cool to see that achieved so trivially.
Cloudflare Drop: finally, a domain registrar that understands the real use case is buying 47 domains at 3am and never deploying anything to any of them
>Something went wrong
An unexpected error occurred. Please try again or contact support.<p>I have a few qualms with this app.
What about the databases?
So, if I need a company website, can i do the following:<p>- drop my html into Cloudflare drop<p>- setup a CNAME DNS for my domain to point at cloudflare URL<p>- profit<p>?
oh wow, a blast from the past. I remember a site called staticdrop or statichost like a decade ago, before vercel and everything that did the same thing<p>Good to see great ideas making a comeback
Dropped a folder with a small HTML project, and after 20 seconds got "Something went wrong. An unexpected error occurred. Please try again or contact support.".<p>Note how the error has <i>zero</i> information.<p>Looking in the network tab, a POST request to /upload returned 403 and an HTML page starting with "Sorry, you have been blocked", and to "email the site owner to let them know you were blocked".<p>I'm very tired of this adversarial approach to software coupled with vague errors.<p>EDIT: it was the file './git/hooks/fsmonitor-watchman.sample' created by default on git init. Maybe because it's Perl. Worse-than-useless "please try again" and "you've been blocked" for committing the sin of uploading a folder that's a git repository. Sigh...
Wait, my first impression was that it points a local browser to your local browser. Now it looks like it uploads your folder to Cloudflare and temporarily serves it over the web. But is that different from what we used to do with FTP? Are there any databases or anything like basic PHP hosts supply? It's just static sites?<p>Is this a product or what? What's the purpose? Is there an API?
Tried uploading a ZIP and got:<p>"Something went wrong
An unexpected error occurred. Please try again or contact support."
Wonder if it has CLI so coding agents can forward path straight to their API and it would give the CLI site's address. Now that would be cool!
Hah! This is exactly how I’m serving the vestigial remnant of my blogging in the early 2000s from a ZIP-backed Cloudflare Worker today. Should I rebuild my site with Drop+Claim or is it fine as-is? I kind of feel like ‘if what I have works, don’t change it’ is the best path.
I thought cf dns was down again
> <i>No account needed. Deployment is active for 60 minutes, then expires unless you claim it.</i><p>(<a href="https://x.com/BraydenWilmoth/status/2074894829616509358" rel="nofollow">https://x.com/BraydenWilmoth/status/2074894829616509358</a>)
All I ever get is "Something went wrong
An unexpected error occurred. Please try again or contact support."
This is pretty cool, thanks for sharing.
It really enables less tech savvy users. It would really enable frontpage/dreamworks-like flows for some people
I think this is great. As usual the reaction from HN folks is on brand.
JAMstack for the rest of us I suppose.
What is this <i>for</i>?
I have hosted my personal site on Netlify for many many years because it's just basic js/html/css, I picked Netlify because I can just updated the index.html in the "website" folder on my desktop and literally drag it to Netlify to update it, saves a lot of time/thinking if you need something simple online quickly to show someone etc. I presume this is a similar idea.
I remember doing this in 2006. FTP. Good times.
Extension of the temporary accounts they needed to enable for Agents <a href="https://blog.cloudflare.com/temporary-accounts/" rel="nofollow">https://blog.cloudflare.com/temporary-accounts/</a>
Yet I can't drag and drop a plain old HTML file without putting it in a folder or a ZIP file first.
Interesting
Cool, just 20 years too late.
This is cool and I like it.
It would be nice if we could see some information such as file size limitations, demos, link structure, management, etc. Am I expected to upload a random HTML file and see how it works?
Yeah I'm very lost on what this is supposed to do -- "Summon your site" is quite vague. "see it live", like a demo? or is this actually published somewhere? Is it forever?<p>Desktop mode doesn't show any more information either
Yep, I chucked it a file on my desktop:
index.html present
Max individual file size 25MB
Total file count <2000
Total size less than 100MB
Look. Guys (?)<p>If cloudflare wants to be the next "Megaupload" what business is it of yours?<p>There is a guy named kim DOT com. That is actually fucking cool. Whether or not he himself is actually cool. Or in prison.
Cloudflare is really good at launching features that facility low-friction deployment of malicious content (such as phishing) on the Internet, piggybacking on their hosting reputation and the fact that you can't easily block their ASN or domains.
I don't know your experience. Once I was toying around and doing a basic auth with registration and so. The weekend was over and couldn't get back to that couple of months. The worker was quarantined and marked as phishing automatically. So I believe they have something in place to prevent those you complain.
Cloudflare is also like a Chinese copycat machine. They mostly copy some successful project and sell it at cheap price.
Be the change you want to see to make the world of your dreams.<p>And then sell its denizens malice protection services.
It could be fun to use a temporary Mediafire/Rapidshare/Megaupload service. Especially if you need to transfer something between an Android and an iPhone.
The internet will soon be flooded with even more scam landing pages.
Cloudflare folks: Please consider supporting WARC archives for deployment.
Odds are that this new feature will not suffer the same outcome as Megaupload, because of Cloudflare's close relationship with the USG.
geocities/angelfire but for Gen Z and A
[dead]
This definitely won't get used to host unlimited phishing sites. /s
shitty app, doesnt even exclude hidden folders
This is so cool.
Cloudflare has the astonishing ability to make me hate them more as a company every new feature they launch.
Congratulations on launching!<p>I tried uploading a git repository that I have previously successfully published on Github pages. This is a "no build" website I have built with the help of Claude. It <i>should</i> just work but I keep getting an error. Who can I reach out to give them steps to reproduce? The website repository is public and I feel like anyone at Cloudflare who wants to reproduce my problem can quite literally clone my repo and upload it to cloudflare drop.<p>Please drop your cloudflare email address and I will reach out to you with my repository information.
Or you could do some of your own troubleshooting? Uploading a git repo is different than uploading a zipped/folder, especially if your index.htm/l isn't at the root.
Hey stranger, welcome to 2026. It’s somewhat different to what you’re used to in 2035. We do things differently here.