I am trying to access Datastore Admin on Google App Engine but I get Unable to resolve the server's DNS address error.
The url that cannot be translated is: [https protocol]ah-builtin-python-bundle-dot-[myapp].gene.com/_ah/datastore_admin/?app_id=s~gene.com:[myapp]&adminconsolecustompage
I tried with adding exceptions to coookies because when I try directly access it with [http protocol][myapp].gene.com/_ah/datastore_admin I get error with redirect loop.
Any idea? Any workarounds are also welcomed - I just need to copy datastore to local environment.
Witek
Thank you, Patrick.
Your guess turned out to be the right one. The domain is not set up properly and this is the reason of problems.
Related
I run Google Ads on my Google-App-Engine-hosted website (www.bigriddles.com), and they tell me I need to have an "ads.txt" file served from the root domain (i.e. http://bigriddles.com/ads.txt, as opposed to http://www.bigriddles.com/ads.txt).
My DNS is hosted on Gandi, and I created their "ALIAS" record (which I think just does CNAME flattening or something similar) to alias "bigriddles.com" to "ghs.googlehosted.com." I chose "ghs.googlehosted.com" because that's what I CNAMEd "www.bigriddles.com" to (many years back), and that CNAME has been working fine.
However, now when I visit "bigriddles.com", I get an "HTTP 301 Moved" to "www.bigriddles.com", and as far as I can tell, this response isn't coming from any code I wrote (I've looked through my code and don't see anything that would redirect this). Furthermore, there is a "Server: ghs" header in the response from "bigriddles.com", whereas if I visit "www.bigriddles.com", which works fine, the response includes the header "Server: Google Frontend". I'm not sure if there is some hint of my problem in the difference between those two Server headers.
Anyway, I'm not sure exactly what's going wrong. It could be a DNS issue. I say this because "dig www.bigriddles.com" comes back with the IP 172.217.14.115, whereas "dig bigriddles.com" comes back with "172.217.168.211", so maybe one of these really is a "ghs" server and the other is a "Google Frontend" server (I'm not sure the difference) and this "ALIAS" DNS solution just isn't going to work.
More likely though I feel like maybe there is just some settings problem with my App itself where it's not set up to allow the apex domain "bigriddles.com", and if I change that setting it will start working?
I have gone through the steps on https://cloud.google.com/appengine/docs/standard/python/mapping-custom-domains. When I view the "Custom Domains" for my project, I see "www.bigriddles.com" and "m.bigriddles.com", but I don't see the naked domain "bigriddles.com". However, when I try to add it on that page, it tells me that "bigriddles.com" is already mapped to a project, so I'm not sure what to make of that.
Any help would be appreciated, thank you!
This seems like an issue with your domain provider.
You can use this tool that might help you contact the domain provider with detailed info.
If they insist it's not an issue on their side (I strongly believe it is), then you should contact Google Cloud Platform Support so a deeper inspection can be made on your project.
If you're also using G Suites for your domain, the criminal is G Suites' Domain -> Redirect. If it is, it's a pity that Google does not let us turn off the so-called feature.
Since G Suites use as the same entry point as App Engine, you have no chance to solve this other than moving your site outside Google services or stop using G Suite.
I'm trying to write a VSCode extension where users could log into Google AppEngine with a google account, and I need to get their SACSID cookie to make appengine requests.
So I'm opening a browser window at
https://accounts.google.com/ServiceLogin?service=ah&passive=true&continue=https://appengine.google.com/_ah/conflogin%3Fcontinue%3Dhttp://localhost:3000/
(generated by google.appengine.api.users.create_login_url)
The user logs in and is redirected to my local webserver at
localhost:3000/_ah/conflogin/?state={state}
Now I try to forward the request to my AppEngine app (since it knows how to decode the state parameter), so I do a request to
https://my-app.appspot.com/_ah/conflogin/?state={state}
basically just replacing localhost with the actual app.
but it doesn't work, presumably because the domain is different. I assume this is on purpose, for security.
Is there any way I can make this work ?
Not ideal, but the only solution I've found is to have an endpoint on my GAE instance that does the redirection. Then I can set that as the continue url, when I'm starting the authentication process
https://accounts.google.com/ServiceLogin?service=ah&passive=true&continue=https://appengine.google.com/_ah/conflogin%3Fcontinue%3Dhttps://my-app.appspot.com/redirect?to=http://localhost:3000
I think you should center the attention on the protocols you are using, since it’s known that the cookie name is based on the http protocol (HTTP : ACSID, HTTPS:SACSID), and that’s the security perspective till this point for me.
Having the error you are facing now would be helpful to understand the problem better. Also, how are you performing the call to the API and the code you are using would be helpful too.
I am calling a third party web service from app engine. This particular service is picky. I ran into an issue where calls would work fine for a while, then stop working, then start working again. I realized that if I manually stopped all instances in the admin console, that the calls would work again.
I setup a proxy to route the calls through that so I could see the headers and all detail. I think I have tracked the issue down to the following. After an instance has been up for a while (the app usually just needs 1 to 3 instances right now) app engine will start using the IP address of the destination as the value for the host header instead of the hostname. Well the service doesn't like that. Whether it should care is another matter.
So my question is, why does app engine use the ip address for the host header eventually instead of the hostname? And, of course, is there anything I can do about it? I know that I cannot set the host header, but maybe there is something else that can be done.
Thanks for any insight.
First, thank you for finding this behavior. We have had intermittent issues with urlfetch for a long time, and will try to detect if this is the issue.
One thing you could try is to target a specific instance/module:
http://instance.version.module.app-id.appspot.com
and cycle through the instances. If you just target the module, it will kill the instance after some inactivity. So, perhaps that would not trigger the GAE DNS shortcut.
Another trick would be to add a fake, random, query string after your url: ?foo=D7hfka67h. Perhaps that would prevent GAE from recognizing the repeat url, and trying to shortcut the DNS.
I tried to set up WordPress under Google App Engine earlier tonight (following the instructions here: https://developers.google.com/appengine/articles/wordpress).
It runs fine locally, but when I push to remote I get a database error (visible at https://wp-dot-frontiermediag.appspot.com/). If we throw on a /wp_admin/install.php you get:
This either means that the username and password information in your
wp-config.php file is incorrect or we can't contact the database server
at :/cloudsql/frontiermediag:fmwp. This could mean your host's database
server is down.
Here's the relevant code in wp-config:
/** MySQL hostname */
if(isset($_SERVER['SERVER_SOFTWARE']) && strpos($_SERVER['SERVER_SOFTWARE'],'Google App Engine') !== false) {
define('DB_HOST', ':/cloudsql/frontiermediag:fmwp');
}else{
define('DB_HOST', 'localhost');
}
frontiermediag:fmwp is showing "Status Runnable" in Developers Console > Cloud SQL.
I did this once before and it worked so I'm not sure what I'm missing here. I thought it might have been because I'm using WP 3.8.1. but rolled back to 3.5.1 and same thing's happening.
Any ideas? frontiermediag is listed as an authorized application on the :fmwp ACL.
This situation happened to me earlier.However, I edited my Cloud SQL instance , and set "Preferred Location" as "Follow App Engine App" from Google Developers Console. This database connection problem was solved in my case.
I tried the instructions with wordpress 3.5.1 and the instructions seem to work for me. The code snippet you have above seems right and I am not sure what could be wrong without looking at rest of your code. Can you try the instructions from the beginning one more time with 3.5.1?
I had this issue, because "Follow App Engine App" doesn't seem to be an option for second generation instances in my case, and so the instance connection name includes the region setting.
Look at the instance details, and under properties, find "Instance connection name". That is the text that should follow :cloudsql/.
TransformationError
This error keeps coming up for a specific image.
There are no problems with other images and I'm wondering what the reason for this exception could be.
From Google:
"Error while attempting to transform the image."
Update:
Development server it works fine, only live it fails.
Thanks
Without more information I'd say it's either the image is corrupted, or it's in a format that cannot be used with get_serving_url (animate GIF for example).
I fought this error forever and incase anyone finds they get the dreaded TransformationError please note that you need to make sure that your app has owner permissions on the files you want to generate a url for
It'll look something like this in your IAM tab:
App Engine app default service account
your-project-name-here#appspot.gserviceaccount.com
In IAM on that member you want to scroll down to Storage and grant "Storage Object Admin" to that user. That is as long as you have your storage bucket under the same project... if not I'm not sure how...
This TransformationError exception seems to show up for permissions errors so it is a bit misleading.
I way getting this error because I had used the Bucket Policy Only permissions on a bucket in a different project.
However after changing this back to Object Level permissions and giving my App Engine app access (from a different project) I was able to perform the App Engine Standard Images operation (google.appengine.api.images.get_serving_url) that I was trying to implement.
Make sure that you set your permissions correctly either in the Console UI or via gsutil like so:
gsutil acl ch -u my-project-a#appspot.gserviceaccount.com:OWNER gs://my-project-b