How to enforce HTTPS traffic to Google App Engine with custom domain?
I have a site on Google Domains (www.example.com) and it\'s hosted with Gcloud. I followed the instructions listed here to set up SSL and https: https://cloud.google.com/app
-
Not sure what backend language you are using, but you can brute-force to ssl by checking the request header then redirecting. Example:
if request.environ.get('HTTPS') == 'off': return redirect('https://www.example.com' + request.environ.get('PATH_INFO'), 301)讨论(0) -
Have you tried setting
secure: alwaysin your handlers in yourapp.yaml?handlers: - url: /youraccount/.* script: accounts.app login: required secure: alwaysalways
Requests for a URL that match this handler that do not use HTTPS are automatically redirected to the HTTPS URL with the same path. Query parameters are preserved for the redirect
https://cloud.google.com/appengine/docs/standard/python/config/appref#handlers_element
讨论(0) -
secure: alwaysstill works in all standard environments, but the secure option has been deprecated in all flexible environments, see documentation here or here for Node.js.If you need this feature in your current environment, the suggested solutions require changes to your application code. Either use the custom HTTP header
X-Forwarded-Prototo redirect the HTTP traffic to HTTPS, or use the HTTP Strict Transport Security response header.讨论(0) -
Alex's answer (see comments) put me on the right path.
First
meteor add gadicohen:headersto addheadersinfo.In my router logic (Iron Router on Meteor) in a before hook, I check if the
x-forwarded-protoishttp. If so, replacehttpwithhttpsand go to that URL instead. I make sure I'm not on localhost too, so that I can develop the siteRouter.onBeforeAction(function () { <some other logic> // Redirect http to https if (headers.get('x-forwarded-host') !== "localhost:3000") { if (headers.get('x-forwarded-proto') === "http") { window.location = window.location.href.replace('http', 'https') } } });讨论(0)
加载中...
- 热议问题