code · pull · Mar 12, 2026 · Mar 11, 2026 · Mar 11, 2026 · Mar 11, 2026
diff --git a/.changeset/bumpy-suns-press.md b/.changeset/bumpy-suns-press.md
@@ -0,0 +1,7 @@
+---
+"@cloudflare/vite-plugin": minor
+---
+
+Support local explorer `/cdn-cgi/` routes
+
+The local explorer UI can now be accessed at `/cdn-cgi/explorer`.
diff --git a/.changeset/deprecate-ssh-passthrough-flags.md b/.changeset/deprecate-ssh-passthrough-flags.md
@@ -0,0 +1,7 @@
+---
+"wrangler": minor
+---
+
+Deprecate SSH passthrough flags in `wrangler containers ssh`
+
+The `--cipher`, `--log-file`, `--escape-char`, `--config-file`, `--pkcs11`, `--identity-file`, `--mac-spec`, `--option`, and `--tag` flags are now deprecated. These flags expose OpenSSH-specific options that are tied to the current implementation. A future release will replace the underlying SSH transport, at which point these flags will be removed. They still function for now.
diff --git a/.changeset/thin-poems-dream.md b/.changeset/thin-poems-dream.md
@@ -0,0 +1,7 @@
+---
+"@cloudflare/containers-shared": minor
+---
+
+Update the `proxy-everything` image used for containers local dev
+
+The egress interceptor image now supports HTTPS and ingress over HTTP CONNECT in workerd.
diff --git a/packages/containers-shared/src/images.ts b/packages/containers-shared/src/images.ts
@@ -18,7 +18,7 @@ import type {
 } from "./types";
 
 export const DEFAULT_CONTAINER_EGRESS_INTERCEPTOR_IMAGE =
-	"cloudflare/proxy-everything:3f5e832@sha256:816255f5b6ebdc2cdcddb578d803121e7ee9cfe178442da07725d75a66cdcf37";
+	"cloudflare/proxy-everything:233db0f@sha256:f159d9e1b0f28bc01bd106f38d62479c018d050e3f95b365c5f9b5f83f60df82";
 
 export function getEgressInterceptorImage(): string {
 	return (

diff --git a/packages/vite-plugin-cloudflare/src/index.ts b/packages/vite-plugin-cloudflare/src/index.ts
@@ -2,6 +2,7 @@ import { assertWranglerVersion } from "./assert-wrangler-version";
 import { PluginContext } from "./context";
 import { resolvePluginConfig } from "./plugin-config";
 import { additionalModulesPlugin } from "./plugins/additional-modules";
+import { cdnCgiPlugin } from "./plugins/cdn-cgi";
 import { configPlugin } from "./plugins/config";
 import { debugPlugin } from "./plugins/debug";
 import { devPlugin } from "./plugins/dev";
@@ -14,7 +15,6 @@ import { outputConfigPlugin } from "./plugins/output-config";
 import { previewPlugin } from "./plugins/preview";
 import { rscPlugin } from "./plugins/rsc";
 import { shortcutsPlugin } from "./plugins/shortcuts";
-import { triggerHandlersPlugin } from "./plugins/trigger-handlers";
 import {
 	virtualClientFallbackPlugin,
 	virtualModulesPlugin,
@@ -81,7 +81,7 @@ export function cloudflare(pluginConfig: PluginConfig = {}): vite.Plugin[] {
 		previewPlugin(ctx),
 		shortcutsPlugin(ctx),
 		debugPlugin(ctx),
-		triggerHandlersPlugin(ctx),
+		cdnCgiPlugin(ctx),
 		virtualModulesPlugin(ctx),
 		virtualClientFallbackPlugin(ctx),
 		outputConfigPlugin(ctx),

diff --git a/packages/vite-plugin-cloudflare/src/plugins/cdn-cgi.ts b/packages/vite-plugin-cloudflare/src/plugins/cdn-cgi.ts
@@ -0,0 +1,43 @@
+import { CoreHeaders } from "miniflare";
+import { createPlugin, createRequestHandler } from "../utils";
+
+/**
+ * Plugin to forward `/cdn-cgi/` routes to Miniflare in development
+ * We handle specified routes rather than using a catch all so that users can add their own routes using Vite's proxy functionality
+ */
+export const cdnCgiPlugin = createPlugin("cdn-cgi", (ctx) => {
+	return {
+		enforce: "pre",
+		async configureServer(viteDevServer) {
+			const entryWorkerConfig = ctx.entryWorkerConfig;
+
+			if (!entryWorkerConfig) {
+				return;
+			}
+
+			const entryWorkerName = entryWorkerConfig.name;
+			const requestHandler = createRequestHandler((request) => {
+				request.headers.set(CoreHeaders.ROUTE_OVERRIDE, entryWorkerName);
+				return ctx.miniflare.dispatchFetch(request, {
+					redirect: "manual",
+				});
+			});
+
+			viteDevServer.middlewares.use(async (req, res, next) => {
+				const url = req.originalUrl ?? "";
+
+				const isLocalExplorer =
+					url === "/cdn-cgi/explorer" ||
+					url.startsWith("/cdn-cgi/explorer/") ||
+					url.startsWith("/cdn-cgi/explorer?");
+				const isTriggerHandler = url.startsWith("/cdn-cgi/handler/");
+
+				if (isLocalExplorer || isTriggerHandler) {
+					await requestHandler(req, res, next);
+				} else {
+					next();
+				}
+			});
+		},
+	};
+});
diff --git a/packages/vite-plugin-cloudflare/src/plugins/trigger-handlers.ts b/packages/vite-plugin-cloudflare/src/plugins/trigger-handlers.ts
diff --git a/packages/wrangler/src/__tests__/containers/ssh.test.ts b/packages/wrangler/src/__tests__/containers/ssh.test.ts
@@ -35,18 +35,7 @@ describe("containers ssh", () => {
 			  -e, --env       Environment to use for operations, and for selecting .env and .dev.vars files  [string]
 			      --env-file  Path to an .env file to load - can be specified multiple times - values from earlier files are overridden by values in later files  [array]
 			  -h, --help      Show help  [boolean]
-			  -v, --version   Show version number  [boolean]
-
-			OPTIONS
-			      --cipher         Sets \`ssh -c\`: Select the cipher specification for encrypting the session  [string]
-			      --log-file       Sets \`ssh -E\`: Append debug logs to log_file instead of standard error  [string]
-			      --escape-char    Sets \`ssh -e\`: Set the escape character for sessions with a pty (default: '~')  [string]
-			  -F, --config-file    Sets \`ssh -F\`: Specify an alternative per-user ssh configuration file  [string]
-			      --pkcs11         Sets \`ssh -I\`: Specify the PKCS#11 shared library ssh should use to communicate with a PKCS#11 token providing keys for user authentication  [string]
-			  -i, --identity-file  Sets \`ssh -i\`: Select a file from which the identity (private key) for public key authentication is read  [string]
-			      --mac-spec       Sets \`ssh -m\`: A comma-separated list of MAC (message authentication code) algorithms, specified in order of preference  [string]
-			  -o, --option         Sets \`ssh -o\`: Set options in the format used in the ssh configuration file. May be repeated  [string]
-			      --tag            Sets \`ssh -P\`: Specify a tag name that may be used to select configuration in ssh_config  [string]"
+			  -v, --version   Show version number  [boolean]"
 		`);
 	});
 
@@ -65,12 +54,12 @@ describe("containers ssh", () => {
 		setWranglerConfig({});
 		msw.use(
 			http.get(`*/instances/:instanceId/ssh`, async () => {
-				return new HttpResponse(
-					`{"success": false, "errors": [{"code": 1000, "message": "something happened"}]}`,
+				return HttpResponse.json(
 					{
-						type: "applicaton/json",
-						status: 500,
-					}
+						success: false,
+						errors: [{ code: 1000, message: "something happened" }],
+					},
+					{ status: 500 }
 				);
 			})
 		);
@@ -95,12 +84,9 @@ describe("containers ssh", () => {
 		setWranglerConfig({});
 		msw.use(
 			http.get(`*/instances/:instanceId/ssh`, async () => {
-				return new HttpResponse(
-					`{"success": true, "result": {"url": "${wsUrl}", "token": "${sshJwt}"}}`,
-					{
-						type: "applicaton/json",
-						status: 200,
-					}
+				return HttpResponse.json(
+					{ success: true, result: { url: wsUrl, token: sshJwt } },
+					{ status: 200 }
 				);
 			})
 		);