I have the following yaml:
runtime: python27
api_version: 1
threadsafe: true
handlers:
- url: /.*
  script: main.app
In the main.py I have a wsgi serving "Hello world" for the route "/(.*)".
Now the issue I have is that when I execute:
curl -v -H 'Host: myapp.appspot.com' 'https://storage.googleapis.com/greetme'
Even though I can see that the SNI and Host are as expected, I get:
<?xml version='1.0' encoding='UTF-8'?><Error><Code>AccessDenied</Code><Message>Access denied.</Message><Details>Anonymous caller does not have storage.objects.get access to myapp.appspot.com/test.</Details></Error>
But if I use Postman or Fiddler for the same request then I get the actual "Hello World".
I have tried to debug this by looking at the exact headers sent in each case, but with no luck. Even after sending exactly identical headers I got the same issue.
This thing is driving me crazy. Any ideas why I have this behaviour?
EDIT:
It looks like when I use the proxy, main.py is serving my request
but when I use curl, then the server is trying to locate e.g. in the given example the greetme resource on myapp.appspot.com, completely bypassing my Python application. I have tried, by the way, to change the user-agent, but nothing. Still not sure why this is happening.
EDIT2:
After taking a look at wireshark, fiddler is opening two ssl connections, the first at storage.googleapis.com and the second at myapp.appspot.net. So the connection at myapp.appspot.net is not routed through the first session.
So it works as expected for curl and fiddler (but not as I would like).
Regardless of that, if I create a file test.txt on my bucket and provide the read permission to allusers then the:
curl -v -H 'Host: myapp.appspot.com' 'https://storage.googleapis.com/test.txt'
Returns the actual content of my test.txt and is routed through googleapis. Shouldn't there be a way of running my application as well? Or do they allow domain fronting only for static content?
I am following the Quickstart for Cloud Endpoints Frameworks on App Engine in standard environment. I have deployed the sample API. When I open https://[my-project].appspot.com/ I get the error message:
Error: Not Found. The Requested URL / was not found on this server
The logs show the message:
No Handlers matched this url
The app.yaml handlers are what came with the endpoints-frameworks-v2/echo sample:
handlers:
# The endpoints handler must be mapped to /_ah/api.
- url: /_ah/api/.*
  script: main.api
I was having great difficulty generating the OpenAPI configuration file in a previous step of the quickstart. I got it to work by updating the system variable path for the SDK but I did get this error:
No handlers could be found for logger "endpoints.apiserving"
WARNING:root:Method echo.echo_path_parameter specifies path parameters buy you are
not using a ResourceContainer. This will fail in future releases; please
switch to using ResourceContainer as soon as possible.
I have no idea if this error is relevant to the current problem.
Any help would be much appreciated.
Regarding the "No handlers could be found for logger..." you need to do this:
http://excid3.com/blog/no-handlers-could-be-found-for-logger
The other issue is a known issue:
What are ResourceContainers and how to use them for Cloud Endpoints?
You need a url handler for / if that is a valid url:
handlers:
# The endpoints handler must be mapped to /_ah/api.
- url: /_ah/api/.*
  script: main.api
- url: /.* # catchall for all other urls
  script: main.api # or wherever you handle the request for `/` and others
from google.appengine.api import urlfetch
totango_url = "https://sdr.totango.com/pixel.png"
totango_url2 = "https://app.totango.com/images/accounts-users.png"
result = urlfetch.fetch(totango_url, validate_certificate=None )
print result.status_code
In production, the logs for the request to totango_url indicate (with no error_detail):
DownloadError: Unable to fetch URL: https://sdr.totango.com/pixel.gif
I ran this curl command. It works fine from my local setup for both the https totango urls:
curl -v "https://sdr.totango.com/pixel.gif"
curl -v "https://app.totango.com/images/accounts-users.png"
The ssl certificates are valid and same for both urls.
Using urlfetch.fetch on both urls also returns 200 from my (local) datastore console.
However, the urlfetch.fetch calls to https://sdr.totango.com/pixel.png fail with the above error.
Also, I ran the same code in the Google Cloud Playground, tweaking the sample App Engine application, and seem to get a 200 response for totango_url2 while it returns a 500 for totango_url. Both have the same SSL certificate, I think.
Is there some IP whitelisting/firewall issue with App Engine in production that I need to take care of?
This sounds more like an issue on the remote side. If you're able to fetch that image from one place but not another, that speaks to the remote site doing some sort of filtering, possibly by IP address.
I would like to know if there is a way to validate that a request (say a POST or a GET) was made over https.
I need to check this in a webapp2.RequestHandler to invalidate every request that is not sent via https.
best regards
Check the self.request.environ['HTTPS'] == 'on' # or 'off'.
If you only use https, consider using secure:always in your app.yaml as follows:
handlers:
- url: /.*
  script: main.app
  secure: always
The answer provided above to use the app.yaml config works well, but in some cases you need the granularity of checking this in your Python code itself, which I believe is what you asked for since you want to check in the RequestHandler.
Here is what you can do inside your RequestHandler:
if self.request.scheme.lower() != 'https':
    self.abort(403)
else:
    # handle your request here, you know it's secured!
    pass
If you are using GAE Flex (where the secure: directive doesn't work), the only way I've found to detect this (to redirect http->https myself) is to check if request.environ['HTTP_X_FORWARDED_PROTO'] == 'https'
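The three checks mentioned in these answers (environ['HTTPS'], the request scheme, and X-Forwarded-Proto) combined into one WSGI wrapper. This is an added example, not code from any of the posters; the names request_is_https, RequireHTTPS, hello_app and probe are hypothetical, and the requests it runs are constructed environ dicts. The forwarded header is honoured only when explicitly enabled, because a client can send that header itself unless a trusted front end sets it.

```python
from wsgiref.util import setup_testing_defaults


def request_is_https(environ, trust_forwarded_proto=False):
    """Return True only if the request reached the app over TLS."""
    # Direct TLS: the WSGI scheme and the HTTPS variable from the answers.
    if environ.get('wsgi.url_scheme', '').lower() == 'https':
        return True
    if environ.get('HTTPS', '').lower() == 'on':
        return True
    if trust_forwarded_proto:
        # Only meaningful behind a front end that sets this header itself.
        # Assumption: every hop listed must be https (conservative choice).
        hops = [h.strip().lower() for h in
                environ.get('HTTP_X_FORWARDED_PROTO', '').split(',')]
        return all(h == 'https' for h in hops)
    return False


class RequireHTTPS(object):
    """WSGI middleware that answers 403 to anything not sent over HTTPS."""

    def __init__(self, app, trust_forwarded_proto=False):
        self.app = app
        self.trust_forwarded_proto = trust_forwarded_proto

    def __call__(self, environ, start_response):
        if request_is_https(environ, self.trust_forwarded_proto):
            return self.app(environ, start_response)
        body = b'HTTPS required\n'
        start_response('403 Forbidden',
                       [('Content-Type', 'text/plain'),
                        ('Content-Length', str(len(body)))])
        return [body]


def hello_app(environ, start_response):
    start_response('200 OK', [('Content-Type', 'text/plain')])
    return [b'Hello world\n']


def probe(app, **overrides):
    """Send one constructed request through app; return (status, body)."""
    environ = dict(overrides)
    setup_testing_defaults(environ)  # fills in the remaining WSGI keys
    seen = []
    body = app(environ, lambda status, headers: seen.append(status))
    return seen[0], b''.join(body)
```

Wrap the application once, for example app = RequireHTTPS(app), and pass trust_forwarded_proto=True only where a front end you control sets the header.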
I'm facing a problem where a static file is showing up correctly on the local machine via dev_appserver.py but once uploaded to the server it doesn't show and gives me a 404 error.
The partial directory file structure is:
- static/
articles.html
images/*.png
The partial app.yaml file is:
runtime: go
api_version: go1
- url: /(articles\.html)
  static_files: static/\1
  upload: static/*.html
I then try to access this via the http url appname.appspot.com/articles.html.
I downloaded the code after I put it on the appengine server to ensure that articles.html has actually been uploaded in the said directory, and it has. So the exact same file structure locally and on the server, but it gives a 404 on the server and works locally. I have the latest versions of the appengine. Any help on what I could be doing wrong?
thanks in advance
Sathish
Just putting this up for completeness ... I went back and tried various reasonable combinations again and found that this config works:
- url: /(articles)\.html
  static_files: static/\1.html
  upload: static/.*.html
It is ridiculous of me to make the claim now, but I remember attempting a regex for the "upload" entry earlier and it hadn't worked. So, I don't clearly know the issue, however, my best guess is that dev_appserver.py is probably taking some shortcuts to serve static files and not behaving exactly like the appengine would. I shall raise an issue on that and see if there is any resolution or clarification.
In the answer to the question Error sending e-mail via SMTP server on App Engine development server there is a nice solution by Blixt:
"dev_appserver.py does not support TLS
which is required by Gmail. You can
enable it by adding a few lines in api/mail_stub.py:"
# After smtp.connect(self._smtp_host, self._smtp_port)
smtp.ehlo()
smtp.starttls()
smtp.ehlo()
But Windows Vista would not let me change api/mail_stub.py.
Is there another way to send mail from the development server? Other options (Sendmail and ISP) are not good for me. Thanks!
EDIT
I changed the api/mail_stub.py according to instructions here and I use the following command-line options:
dev_appserver.py
--smtp_host=smtp.gmail.com
--smtp_port=25
--smtp_user=xxxx#gmail.com
--smtp_password=gmail_pw
C:\Users\A\Desktop\repeater # path to root directory
But I get this error from Log Console:
***********************************************************
2010-11-18 10:24:37 Running command: "['C:\\Python26\\pythonw.exe',
'C:\\Program Files(x86)\\Google\\google_appengine\\dev_appserver.py',
'--admin_console_server=',
'--port=8080',
u'dev_appserver.py',
u'--smtp_host=smtp.gmail.com',
u'--smtp_port=25',
u'--smtp_user=xxxx#gmail.com',
u'--smtp_password=gmail_pw
C:\\Users\\A\\Desktop\\repeater',
'C:\\Users\\A\\Desktop\\repeater']"
Runs a development application server for an application.
dev_appserver.py [options] <application root>
Application root must be the path to the application to run in this server.
Must contain a valid app.yaml or app.yml file.
****************************************************
This is the app.yaml:
application: re-peater
version: 1
runtime: python
api_version: 1
handlers:
- url: /favicon.ico
  static_files: static/images/favicon.ico
  upload: static/images/favicon.ico
- url: /stylesheets
  static_dir: stylesheets
- url: /.*
  script: repeater.py
All this works without these command line options. Any suggestions why this is not working?
If you really, really need to send real email from the dev_appserver, you should set up your own mail relay on your machine, and point the SDK at that. I'm curious why it's so important to send real email, though - this is the development server, and you shouldn't be using it for anything other than development.
Change the file permissions so that you can change the api/mail_stub.py file.
This is no longer necessary
in /appengine/api/mail_stub.py
if self._allow_tls and smtp.has_extn('STARTTLS'):
    smtp.starttls()
I am using appengine sdk version 1.9.15.