Back to browse
PandaPage – host an HTML page with one curl, no signup, auto-expires

PandaPage – host an HTML page with one curl, no signup, auto-expires

by itskritix·Jul 9, 2026·1 point·0 comments

AI Analysis

●●●BangerBig BrainShip ItSolve My Problem

Token-based auth without accounts beats Netlify Drop for quick ephemeral deploys.

Strengths
  • KV TTL expiry means no cron jobs—pages 404 instantly when they lapse.
  • AI agent prompt built-in, recognizing how devs actually deploy now.
  • POST JSON or zip, get a live URL back—genuinely one-request deployment.
Weaknesses
  • 24h default expiry limits use cases; tiiny.host offers permanent free tiers.
  • Cloudflare subdomain only—no custom domain support for serious projects.
Target Audience

Developers needing quick ephemeral hosting for mockups, demos, or AI agent deployments

Similar To

tiiny.host · tmp.ninjas · Netlify Drop

Post Description

I wanted to put a quick HTML page online to share, a mockup or a one-off demo, without a signup, a git repo, or a build step. Existing options all wanted one of those, so I built this.

One request creates a site:

``` curl -X POST https://pandapage.clawshop.sh/api/deploy \ -H "content-type: application/json" \ -d '{"files":{"index.html":"<h1>hi</h1>"}}' ```

You get back a URL like pandapage.clawshop.sh// and a token. The token is the only thing gating updates and deletes, so there are no accounts. You can also POST a zip instead of JSON, and binaries go as base64.

Pages expire after 24h by default (configurable per deploy from 10 minutes to 7 days, and re-deploying resets the clock). Expiry is a KV key TTL, so a page starts returning 404 the moment it lapses, and an R2 lifecycle rule sweeps the underlying files a few days later. No cron job.

Because it is just a JSON API with no auth handshake, coding agents can deploy to it directly. I gave Claude Code a short prompt and now "host this page" turns into a live URL. That was the actual motivation, giving agents a place to publish.

Stack is a single Cloudflare Worker that does both the deploy API and file serving, with R2 for the files and KV for metadata plus TTL. Whole thing is a few hundred lines.

Known tradeoffs: no auth means anyone with the URL sees the page, and anyone can create sites (expiry plus an R2 lifecycle rule keep storage bounded). No custom domains per site yet. Path-based rather than subdomain-based, so absolute asset paths need to be relative.

Happy to answer questions about the design.

Similar Projects