HTTP to HTTPS redirection on App Engine Flexible

傲寒 2020-11-29 09:40

I've followed the answer of this: Redirect from http to https in google cloud but it does not seem to be currently accurate any more. The anchor referenced ( https://cloud.

3 Answers
  • 2020-11-29 09:53

    GCP This should be as easy to just use the gcloud app cli and configure a header (Strict-Transport-Security) or redirect rule. Perhaps the push is to force us to Firebase Hosting instead which is forcing HTTPS already. For a quick solution for Single Page apps (static content) with React, Angular etc, we can use this JS snippet.

    It ignores localhost environments. You can change localhost with a host name that you would like to exclude. It then redirects using https as protocol.

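    // Skip local development hosts; any other host not already on HTTPS is redirected.
    if (location.host.indexOf("localhost") < 0 && location.protocol.toLowerCase() !== "https:") {
      // Targets the site root over HTTPS (path and query string are not carried over).
      const url = `https://${location.host}`;
      location.replace(url);
    }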
    
    0 Comments (0)
  • 2020-11-29 09:54

    Pulling Justin's yes-https library, I was able to get this to work:

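    var express = require('express');
    var app = express();
    app.use(function(req, res, next){
      // X-Forwarded-Proto carries the scheme the client used to reach the load balancer.
      if (req.hostname != 'localhost' && req.get('X-Forwarded-Proto') == 'http') {
        res.redirect(`https://${req.hostname}${req.url}`);
        return;
      }

      // Hand over to the next handler (app.router no longer exists in Express 4+).
      next();
    });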
    

    At first I thought I had to do that since I was on an appengine subdomain and couldn't use HSTS. Then I learned HSTS works fine for subdomains. :) Regardless, I thought people might want to see what the magic bit to use was if they didn't want to use yes-https for some reason.

    Justin, auto-redirecting all traffic to SSL by default sounds great to me. I just spent hours trying to figure out how to do so before I found this post because I was trying to get my app to get Chrome's add to homescreen install banner as per https://developers.google.com/web/fundamentals/engage-and-retain/app-install-banners/.

    0 Comments (0)
  • 2020-11-29 10:15

    The flexible environment does not currently support handlers in the app.yaml. If you want https:// redirection, you have a few options:

    • Use helmet to do the HSTS stuff for you, and implement your own initial redirect.
    • I wrote a happy little library that always forces SSL on all routes for express: yes-https

    We are considering auto-redirecting all traffic to SSL by default. Do you think that would be a good thing for your apps?

    0 Comments (0)
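The "implement your own initial redirect" option from the answers, written as Express-style middleware with the HSTS header set by hand; this is an added example, not code from any answer, helmet or yes-https. The host allow-list, the `example.appspot.com` name and the HSTS `max-age` are assumptions to replace with your own values.

```javascript
// Added example: Express/Connect-style middleware with no external dependencies.
// ALLOWED_HOSTS and HSTS_VALUE are assumptions; set them for your deployment.
const ALLOWED_HOSTS = new Set(["example.appspot.com"]); // constructed host name
const HSTS_VALUE = "max-age=31536000; includeSubDomains";

function forceHttps(req, res, next) {
  // A chain of proxies may append values ("http, https"); the first entry
  // describes the hop the client actually used.
  const forwarded = String(req.headers["x-forwarded-proto"] || "");
  const proto = forwarded.split(",")[0].trim().toLowerCase();
  // Drop any port and normalise case before comparing with the allow-list.
  const host = String(req.headers.host || "").split(":")[0].toLowerCase();

  if (host === "localhost") return next(); // local development, as in the answers

  // Never build a Location header from a Host value we do not recognise:
  // a forged Host header would otherwise steer the redirect.
  if (!ALLOWED_HOSTS.has(host)) {
    res.statusCode = 400;
    return res.end("Unknown host");
  }

  if (proto === "http") {
    // Only origin-form targets ("/path?query") are carried into the redirect.
    const path = String(req.url || "/").startsWith("/") ? req.url : "/";
    // 301 for GET/HEAD; 308 keeps the method and body for everything else.
    res.statusCode = req.method === "GET" || req.method === "HEAD" ? 301 : 308;
    res.setHeader("Location", `https://${host}${path}`);
    return res.end();
  }

  // Browsers ignore HSTS received over plain HTTP, so send it on HTTPS only.
  if (proto === "https") res.setHeader("Strict-Transport-Security", HSTS_VALUE);
  return next();
}
```

Register it before any routes with `app.use(forceHttps)` so no handler answers over plain HTTP.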