how to configure Google Engine app.yaml to always resolve to https - google-app-engine

My current web app responds to both http and https. How do I configure my app.yaml so that it always resolves incoming requests to https, even if the user tries to force http?
PS: Noob here ;)

You can use the secure element as explained in the docs for the paths you want to force https.
Requests for a URL that match this handler that do not use HTTPS are
automatically redirected to the HTTPS URL with the same path. Query
parameters are preserved for the redirect.
Example:
- url: .*
  script: main.app
  secure: always

Related

URL Map is not working with backend service on Load Balancer Google Cloud

I am setting up URL Maps on our Backend Services with Load Balancer. The issue is that my URL Maps are not working for some reason. When I tried to browse domain.com/path, it shows
The requested URL /bpd was not found on this server.
I do believe I did it the correct way, but it seems that it's still not working.
Please see screenshot below:
[image]
/* - working
/path1 and /path2 - not working, shows error - was not found on this server
app.yaml file:
runtime: python27
api_version: 1
threadsafe: true
service:
handlers:
- url: /
  static_files:
  upload:
  secure: always
  redirect_http_response_code: 301
- url: /(.*)
  static_files: www/\1
  upload: www/(.*)
I also set-up Serverless network endpoint group and connected with Google App Engine for the Backend Services.
Thank you all for your help.
Thanks to your comment, I thought I found the mistake. In fact, when you define a URL map in a load balancer, the query path in entry of the load balancer is, by default, forwarded as-is to the backend.
Let's take your case:
You have this URL map: <URL>/address/*. Your URL path is /address/*.
The backend is <myAddressAppEngine.appspot.com>. It received the request on this path: <myAddressAppEngine.appspot.com>/address/*
And it doesn't work because in reality you expect <myAddressAppEngine.appspot.com>/*.
To solve that, you can use advanced mode in the URL map.
Start by setting the default backends for any URL and any path.
Then add a new path rule and configure it like this, with a path rewrite to /

How to stop mixed Content browser Error when calling App Engine Flexible Environment API?

I'm getting this error in browser:
Mixed Content: The page at 'https://{my-site}' was loaded over HTTPS, but
requested an insecure XMLHttpRequest endpoint 'http://{my-api}'. This request
has been blocked; the content must be served over HTTPS.
I know I need to allow https somehow. The application uses Gunicorn to run the application on custom Google App Engine Flexible Environment. It also uses flask. Here is my app.yaml:
runtime: custom
env: flex
service: flex-module
entrypoint: gunicorn -b :$PORT main:app
Is it possible to change some setting in the Extensible Service Proxy to allow https in App Engine? Or do I need to get an ssl certificate and key and add the following to my app.yaml:
gunicorn -w3 --certfile=server.crt --keyfile=server.key test:app
Also I'm not sure if I need to add this to a gunicorn.conf.py as in this documentation:
forwarded_allow_ips = '*'
secure_scheme_headers = {'X-APPENGINE-HTTPS': 'on'}
Thanks
As stated in the documentation, Google does not issue SSL certificates for double-wildcard domains that are hosted at appspot.com:
Note: Google recommends using the HTTPS protocol to send requests to your app. Google does not issue SSL certificates for double-wildcard domains that are hosted at appspot.com. Therefore, HTTPS requests must use the string "-dot-" as the URL notation, instead of "." for separating subdomains. You can use the simple "." URL notation with your own custom domains and other HTTP addresses. For more information, see the HTTP and HTTPS examples in the following sections.
So to allow API requests over https and avoid the mixed content browser error, instead of http://version-one.my-app.appspot.com I needed to send request to: https://version-one-dot-my-app.appspot.com
To make HTTPS calls, enable the ssl library for your app by adding the following configuration to the app.yaml file:
libraries:
- name: ssl
  version: latest
https://google-auth.readthedocs.io/en/latest/user-guide.html

Cloud Endpoints Handler SSL redirect blocked by CORS

I would like my Cloud Endpoints API to be called with HTTPS. My app.yaml file contains the following:
# The endpoints handler must be mapped to /_ah/api.
- url: /_ah/api/.*
  script: main.api
  secure: always
If a client (i.e. website) makes an insecure (HTTP) call to the endpoint URL, App Engine performs a redirect to the secure version (HTTPS).
For example, suppose my App Engine app is at http://api.endpoints.my-app.appspot.com and the API endpoint for making a HTTP GET request to the method mymethod is:
http://api.endpoints.my-app.appspot.com/_ah/api/myapp/v1/mymethod
App Engine redirects to the HTTPS version:
https://api.endpoints.my-app.appspot.com/_ah/api/myapp/v1/mymethod
However, the redirect from is blocked:
blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:4200' is therefore not allowed access.
How can I add the required header to my resource (i.e. my Cloud Endpoints API on App Engine)? Google's documentation states CORS is enabled by default on App Engine Standard - which is what I'm using. So I'm unsure why this is even a problem.
You should be able to configure the Access-Control-Allow-Origin header in app.yml. For your case, please try adding the following to the app.yml file:
handlers:
- url: /_ah/api/.*
  script: main.api
  secure: always
  http_headers:
    Access-Control-Allow-Origin: http://localhost:4000
More to read:
app.yml reference
A related SO question

How to configure webapp2 routes to run with HTTPS scheme in production but not in development?

I have a webapp2 WSGI app which runs on App Engine. How do I configure its routes with the HTTPS scheme when the app is running in production, but if it's running in the development environment it should use the HTTP scheme?
EDIT: As suggested, I am adding a link which points to webapp2 routing schemes
http://webapp2.readthedocs.io/en/latest/guide/routing.html#restricting-uri-schemes
You can simply enable https in your app's app.yaml like below:
- url: .*
  script: main.app
  secure: always
You will then get https on appengine, but devapp_server will still serve everything on http.
You could simply do something like this:
import os
# Default to '' so a missing SERVER_SOFTWARE variable does not raise AttributeError.
scheme = 'http' if os.environ.get('SERVER_SOFTWARE', '').startswith('Development') else 'https'
webapp2.Route(..., schemes=[scheme])
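The same production/development split can be applied to the redirect itself rather than to each route. The following WSGI middleware is an added example, not code from the original answers; the `ForceHTTPS` class, the `hello_app` stand-in, the host name and the reliance on an `X-Forwarded-Proto` header set by the front end are assumptions made for illustration.

```python
import os
from wsgiref.util import request_uri, setup_testing_defaults


def running_on_dev_server(env=None):
    """True under the dev server, which reports SERVER_SOFTWARE 'Development/...'."""
    env = os.environ if env is None else env
    return env.get("SERVER_SOFTWARE", "").startswith("Development")


class ForceHTTPS:
    """WSGI middleware: 301 every plain-HTTP request to the same URL on HTTPS."""

    def __init__(self, app, enabled=True):
        self.app, self.enabled = app, enabled

    def __call__(self, environ, start_response):
        # Assumption: the TLS-terminating front end reports the client's scheme
        # in X-Forwarded-Proto; without the header, use the WSGI scheme.
        scheme = environ.get("HTTP_X_FORWARDED_PROTO", environ["wsgi.url_scheme"])
        if not self.enabled or scheme.split(",")[0].strip().lower() == "https":
            return self.app(environ, start_response)
        # Same host, path and query string; only the scheme changes.
        target = "https://" + request_uri(environ).split("://", 1)[1]
        start_response("301 Moved Permanently",
                       [("Location", target), ("Content-Length", "0")])
        return [b""]


def hello_app(environ, start_response):
    """Stand-in for the real application (hypothetical)."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"hello"]


def simulate(app, path, query="", forwarded_proto=None):
    """Send one constructed request through `app`; return (status, headers, body)."""
    environ = {"PATH_INFO": path, "QUERY_STRING": query,
               "HTTP_HOST": "my-app.example.com", "wsgi.url_scheme": "http"}
    if forwarded_proto:
        environ["HTTP_X_FORWARDED_PROTO"] = forwarded_proto
    setup_testing_defaults(environ)
    seen = {}
    body = b"".join(app(environ, lambda s, h: seen.update(status=s, headers=dict(h))))
    return seen["status"], seen["headers"], body


# Redirect in production, leave the HTTP-only dev server alone.
app = ForceHTTPS(hello_app, enabled=not running_on_dev_server())
```

The header is only trustworthy when the application cannot be reached except through the front end that sets it.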

Can I configure all URLs to be secure on Google App Engine (python app) with just one setting?

Is it possible in the app.yaml to make sure that all requests to my app on http get redirected to https without having to specify secure: always for every url endpoint in my app?
Currently I am doing this:
- url: /users/login
  script: users_handler.app
  secure: always
- url: /signin
  script: authentication.app
  secure: always
- url: /users/logout
  script: users_handler.app
  secure: always
But as new urls are added, it's risky as a developer might forget to specify secure: always. I would prefer to just specify a global setting that applies to all urls in my app.
If you do not want to use secure in your app.yaml you can accomplish this with webapp2.
https://webapp2.readthedocs.io/en/latest/guide/routing.html#restricting-uri-schemes
And here is a working code example: How to use WSGI to reroute a user from http to https
I feel like an archaeologist, but nonetheless I'll share my findings.
All that has to be done is to add this to app.yaml:
handlers:
- url: /.*
  secure: always
  script: auto
There is even a documentation example with that case. It's exactly the same as mine, but I removed redirection.
I don't believe that is possible. However, I think you can mitigate the problem by restructuring the URLs you have defined in your app.yaml.
The URLs are matched against handlers in your app.yaml starting from the top. So you should specify your one-off URLs and then at the bottom have a catch-all setting that routes all URLs that didn't match the other settings to your default handler. Your application should then display 404 pages etc. for URLs that don't exist in your application.
Something like this would work:
- url: /signin
  script: authentication.app
  secure: always
- url: /.*
  script: users_handler.app
  secure: always
This way you only have to specify a couple handlers for your application and you are much less likely to miss setting secure:always when adding a new URL or setting.
Hope that helps!
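Because handlers are matched from the top, a catch-all with secure: always at the bottom does not cover a one-off handler above it that omits the setting. The check below is an added example, not code from the original answers: the handler list is constructed from the ones in this thread plus a hypothetical /users/profile entry, and it assumes each url pattern must match the whole request path and that a handler without secure behaves as secure: optional.

```python
import re

# Constructed handler list: the thread's handlers, one hypothetical entry
# added later without `secure`, and the catch-all at the bottom.
HANDLERS = [
    {"url": "/users/login", "script": "users_handler.app", "secure": "always"},
    {"url": "/signin", "script": "authentication.app", "secure": "always"},
    {"url": "/users/profile", "script": "users_handler.app"},  # secure forgotten
    {"url": "/.*", "script": "users_handler.app", "secure": "always"},
]


def match_handler(handlers, path):
    """Return the first handler, top-down, whose url regex matches the whole path."""
    for handler in handlers:
        if re.fullmatch(handler["url"], path):
            return handler
    return None


def http_behaviour(handlers, path):
    """What happens to a plain-HTTP request for `path` under these handlers."""
    handler = match_handler(handlers, path)
    if handler is None:
        return "no-handler"
    # Assumption: a missing `secure` key means `optional`.
    if handler.get("secure", "optional") == "always":
        return "redirect-to-https"
    return "served-over-http"


def handlers_missing_secure(handlers):
    """List url patterns that would still answer over plain HTTP."""
    return [h["url"] for h in handlers if h.get("secure", "optional") != "always"]


if __name__ == "__main__":
    for path in ("/users/login", "/users/profile", "/anything/else"):
        print(path, "->", http_behaviour(HANDLERS, path))
    print("missing secure: always ->", handlers_missing_secure(HANDLERS))
```

Run against the parsed handlers section in a pre-deploy check, a non-empty result from `handlers_missing_secure` is the signal to fail the build.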
