setting http_headers in app.yaml doesn't work [closed] - google-app-engine

I am developing an application with appengine 1.7.0 (python) and I am trying to add custom headers to static directories, via app.yaml, in this way:
- url: /js
  static_dir: static/js
  http_headers:
    X-Test-Http-Headers: yo
The problem is that the http header is not being set, even after restarting the application.
Any suggestions?
EDIT:
It does not work in either the development or the production environment.
EDIT 2:
debugging with Charles, the returned headers are these:
HTTP/1.1 200 OK
ETag: "f_-W8g"
Date: Fri, 17 Aug 2012 09:40:10 GMT
Expires: Fri, 17 Aug 2012 09:40:15 GMT
Cache-Control: public, max-age=5
Content-Type: application/x-javascript
Content-Encoding: gzip
Server: Google Frontend
Content-Length: 8876
EDIT 3:
I found the problem. I changed the version and therefore the online version was not the deployed one. Restoring the version number made the deployed version available online, and therefore the headers were added:
HTTP/1.1 200 OK
X-Test-Http-Headers: yo
ETag: "DdNIcQ"
Date: Fri, 17 Aug 2012 10:19:01 GMT
Expires: Fri, 17 Aug 2012 10:19:06 GMT
Cache-Control: public, max-age=5
Content-Type: application/x-javascript
Content-Encoding: gzip
Server: Google Frontend
Content-Length: 8876

Related

How to Hide Server/Software Version from Apache Zeppelin/Any Related Web-App?

Any ideas/suggestions on how to hide software/server version from Apache Zeppelin? We hired an information security company to perform an external pen-testing in our servers and one of the issues raised was to hide all the software versions being disclosed on application headers/errors messages.
So for example if I execute this command from a terminal:
curl -I -k https://localhost:8181/
It will give this result
HTTP/1.1 200 OK
Date: Thu, 16 Jul 2020 03:37:42 GMT
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: authorization,Content-Type
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, HEAD, DELETE
Date: Thursday, July 16, 2020 1:37:42 PM AEST
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: authorization,Content-Type
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, HEAD, DELETE
Date: Thursday, July 16, 2020 1:37:42 PM AEST
Content-Type: text/html
Last-Modified: Thu, 08 Jun 2017 09:18:50 GMT
Accept-Ranges: bytes
Content-Length: 3657
Server: Jetty(9.2.15.v20160210)
How can I hide the Server: Jetty(9.2.15.v20160210) or is it even possible? I'm trying to search but no luck yet on finding a solution for this. Appreciate any help. Thanks in advance! Cheers.
It's possible in Zeppelin 0.9.0 (not yet released). It's implemented as part of ZEPPELIN-4586 and should be available in 0.9.0-preview2 soon, or you can compile from source yourself. You can look at the documentation in the meantime.
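To confirm that a banner such as the one in this question is gone after a configuration change, the response headers can be audited for version strings. The following is an added example, not part of the original question or answer; the function names and the list of banner headers are assumptions chosen for illustration.

```python
import re

# Headers that commonly carry a product banner. The last one appears in the
# SharePoint response quoted further down this page.
BANNER_HEADERS = {
    "server", "x-powered-by", "x-aspnet-version",
    "x-aspnetmvc-version", "microsoftsharepointteamservices",
}
# A dotted version number such as 9.2.15.v20160210 or 5.3.8
VERSION_RE = re.compile(r"\d+\.\d+[\w.\-]*")


def parse_headers(raw):
    """Split a raw response head (e.g. `curl -I` output) into (name, value) pairs.

    Duplicate headers are kept, because the responses on this page repeat some.
    """
    pairs = []
    for line in raw.strip().splitlines()[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip(), value.strip()))
    return pairs


def find_version_disclosures(raw):
    """Return (header, version) for each banner header that leaks a version."""
    findings = []
    for name, value in parse_headers(raw):
        if name.lower() in BANNER_HEADERS:
            findings.extend((name, v) for v in VERSION_RE.findall(value))
    return findings


# Sample built from the curl output in the question above (trimmed).
ZEPPELIN_RESPONSE = """\
HTTP/1.1 200 OK
Date: Thu, 16 Jul 2020 03:37:42 GMT
Content-Type: text/html
Content-Length: 3657
Server: Jetty(9.2.15.v20160210)
"""

if __name__ == "__main__":
    for header, version in find_version_disclosures(ZEPPELIN_RESPONSE):
        print(f"{header} discloses version {version}")
```

A response whose Server header carries only a product name, such as `Server: Google Frontend`, produces no findings.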

How to enable browser caching in GAE

Although this question should be trivial, I didn't succeed in enabling browser caching on a Google App Engine Java web server.
I've tried putting this kind of thing in my appengine-web.xml:
<static-files>
<include path="/**.cache.**" expiration="365d" />
...
but when I look at the response headers I find this locally:
Content-Length: 196084
Cache-Control: public, max-age=31536000
Expires: Fri, 10 Jan 2014 19:40:45 GMT
Content-Type: image/png
Last-Modified: Tue, 18 Dec 2012 21:41:22 GMT
Server: Jetty(6.1.x)
Which is fine... but this in production environment:
HTTP/1.1 304 Not Modified
ETag: "RV4Bpg"
X-AppEngine-Estimated-CPM-US-Dollars: $0.000000
X-AppEngine-Resource-Usage: ms=109 cpu_ms=0
Date: Thu, 10 Jan 2013 19:41:20 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Server: Google Frontend
Which is definitely not what I want :(
Any ideas? Something I've missed?
[EDIT]
For content that has not yet been downloaded, my browser receives the following headers:
HTTP/1.1 200 OK
ETag: "RV4Bpg"
Date: Fri, 11 Jan 2013 12:50:50 GMT
Expires: Sat, 11 Jan 2014 12:50:50 GMT
Cache-Control: public, max-age=31536000
X-AppEngine-Estimated-CPM-US-Dollars: $0.000000
X-AppEngine-Resource-Usage: ms=3 cpu_ms=0
Date: Fri, 11 Jan 2013 12:50:50 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Content-Type: image/png
Server: Google Frontend
Content-Length: 196084
Proxy-Connection: Keep-Alive
Connection: Keep-Alive
X-RBT-Optimized-By: eu-dcc-sh02 (RiOS 6.5.5b) SC
An ETag and several contradictory 'Expires' and 'Cache-Control' headers...
Are there several ways to configure the caching policy? Could it come from my ISP? Or a proxy?
When you are logged in to a Google App Engine application as an administrator:
The X-AppEngine-* headers shown in your question are included.
The Cache-Control: no-cache, must-revalidate header is included, because the X-AppEngine-* headers are private and must not be cached.
This is hidden at the end of the Responses section at https://developers.google.com/appengine/docs/python/runtime#Responses, which says that:
Responses with resource usage statistics will be made uncacheable.
Yes, Cache-Control is off because reply is HTTP 304.
The problem is that your browser saved the ETag: http://en.wikipedia.org/wiki/HTTP_ETag
Now for every request for the same url/content, browser provides ETag and GAE replies with HTTP 304 Not Modified.
Try changing the resource (image) at this url, checking another url that you have not yet loaded in this browser or using another browser or computer altogether.
Also, this is relevant: What takes precedence: the ETag or Last-Modified HTTP header?

404 Pages and 301 redirect

We built pages like this:
Old URL:
http://www.ifsc-code.co.in/all-india-banks-database/bank-of-india/karnataka/
Please notice, bank of india is the bank name and karnataka is the state name.
New URL:
http://bank-of-india.ifsc-code.co.in/karnataka
There are 45000 old URLs; all have been set as 301 redirects to the new URLs. It's been 2 months, but Google still sees them as 404. Why?
This is how Googlebot fetched the page.
URL: http:/ /www.ifsc-code.co.in/all-india-banks-database/bank-of-india/karnataka/
Date: Thursday, March 29, 2012 1:29:54 PM PDT
Googlebot Type: Web
Download Time (in milliseconds): 168
HTTP/1.1 301 Moved Permanently
Date: Thu, 29 Mar 2012 20:29:54 GMT
Server: Apache/2.2.21 (Unix) mod_ssl/2.2.21 OpenSSL/0.9.8e-fips-rhel5 DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.8
Location: http:/ /bank-of-india.ifsc-code.co.in/karnataka
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html
Then why does this page show up as a 404 page? The URL that links to that page doesn't even exist, which is also a 301 redirect.
Please help.
Because you have to manually mark them as fixed in webmaster tools: Mark crawl error as fixed

GZIP content in Google App Engine using django-nonrel

I have a django-nonrel app running in Google App Engine and am wanting all the content to be gzipped.
I keep reading that GAE automatically gzips the content but when I check the headers using Firefox's web developer toolbar I get the following result:
Via: 1.1 TL-ISA1
Connection: Keep-Alive
Proxy-Connection: Keep-Alive
Transfer-Encoding: chunked
Expires: Thu, 09 Dec 2010 12:23:46 GMT
Date: Thu, 09 Dec 2010 12:23:46 GMT
Content-Type: text/html; charset=utf-8
Etag: "463ad22512f09050f76a291c11d9746d"
Server: Google Frontend
Last-Modified: Thu, 09 Dec 2010 12:23:46 GMT
Cache-Control: max-age=0
200 OK
I was expecting to see Content-Encoding: gzip, but since it is not there, my assumption is that the content is not being gzipped as it should.
Am I missing something? For example, do I need to do something extra if I am using django-nonrel?
Just to add, I am new to Web development - so don't be afraid to patronise. Thanks
Gzip should work out of the box, you are probably requesting the page through a proxy.

SharePoint 2010 / IIS 7.5 Byte-Range Request Responds With Entire File

I'm having problems getting SharePoint 2010/IIS 7.5 to respect byte-range requests. I'm developing a SharePoint 2010 Web Part using Silverlight, and am trying to retrieve part of a document stored inside SharePoint.
When I request a byte range of a file in SharePoint, the server responds with the entire file. However, if I request the same byte range from a file sitting on an Apache server, everything works as expected. Below are the http headers observed with Fiddler.
Any help would be really appreciated! Thanks.
Sent:
GET http://example.com/file.abc HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: http://example.com/index.html
Accept-Encoding: identity
Range: bytes=1061285-1064594
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/533.4 (KHTML, like Gecko) Chrome/5.0.375.127 Safari/533.4
Host: example.com
Connection: Keep-Alive
SharePoint also takes login credentials:
Authorization: Negotiate TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAbAdAAAADw==
Received from Apache:
HTTP/1.1 206 Partial Content
Date: Wed, 25 Aug 2010 22:40:34 GMT
Server: Apache/2.0.54
Last-Modified: Fri, 20 Aug 2010 23:27:18 GMT
ETag: "b68e346-103ea9-a3c20180"
Accept-Ranges: bytes
Content-Length: 3310
Vary: User-Agent
Content-Range: bytes 1061285-1064594/1064617
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/x-zip
Received from SharePoint 2010 / IIS 7.5
HTTP/1.1 200 OK
Cache-Control: private,max-age=0
Content-Length: 1064617
Content-Type: application/octet-stream
Expires: Tue, 10 Aug 2010 22:40:56 GMT
Last-Modified: Wed, 25 Aug 2010 19:28:39 GMT
ETag: "{5A1DF927-D8CD-4BC0-9590-8188CF777A3D},1"
Server: Microsoft-IIS/7.5
SPRequestGuid: 99799011-5bdc-489f-99fd-d060a56d3ae4
Set-Cookie: WSS_KeepSessionAuthenticated={7703be10-bb56-4fa1-ba8b-cd05f482859f}; path=/
X-SharePointHealthScore: 5
ResourceTag: rt:5A1DF927-D8CD-4BC0-9590-8188CF777A3D#00000000001
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename=file.abc
X-Download-Options: noopen
Public-Extension: http://schemas.microsoft.com/repl-2
Set-Cookie: WSS_KeepSessionAuthenticated={7703be10-bb56-4fa1-ba8b-cd05f482859f}; path=/
Persistent-Auth: true
X-Powered-By: ASP.NET
MicrosoftSharePointTeamServices: 14.0.0.4762
Date: Wed, 25 Aug 2010 22:40:56 GMT
The problem is that SharePoint caching is off by default, and needs to be turned on to enable byte-range requests. See Disk-Based Caching for Binary Large Objects.
Note http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.35.2:
"A server MAY ignore the Range header."
Thus whenever you are using a Range header you must be able to handle a 200 response. The fact that your server doesn't appear to support range serving is unfortunate, but conformant.
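The point made in the answer above, shown as an added example that is not part of the original answers: a client-side helper that returns the requested bytes whether the server answered 206 or ignored the Range header and answered 200. The function name, the plain dict of headers with canonical names, and the sample data are assumptions for illustration.

```python
import re

CONTENT_RANGE_RE = re.compile(r"bytes (\d+)-(\d+)/(\d+|\*)")


def bytes_for_range(status, headers, body, start, end):
    """Return bytes start..end (inclusive) from a reply to `Range: bytes=start-end`.

    Works whether the server honoured the Range header (206) or ignored it
    and sent the whole entity (200), which RFC 2616 sec. 14.35.2 permits.
    """
    if status == 200:
        # Range ignored: the body is the full file, so slice locally.
        return body[start:end + 1]
    if status == 206:
        m = CONTENT_RANGE_RE.fullmatch(headers.get("Content-Range", ""))
        if not m:
            raise ValueError("206 without a usable Content-Range header")
        first, last = int(m.group(1)), int(m.group(2))
        if last - first + 1 != len(body):
            raise ValueError("body length does not match Content-Range")
        if not first <= start <= last:
            raise ValueError("returned range does not cover the request")
        # The server may clamp `last` to the end of the file.
        return body[start - first:min(end, last) - first + 1]
    if status == 416:
        raise ValueError("requested range not satisfiable")
    raise ValueError(f"unexpected status {status}")


# Constructed 1000-byte "file" standing in for the document on the server.
SAMPLE_FILE = bytes(i % 251 for i in range(1000))

if __name__ == "__main__":
    want = SAMPLE_FILE[100:200]
    # Server that ignores Range (the SharePoint case above): 200 + whole file.
    assert bytes_for_range(200, {}, SAMPLE_FILE, 100, 199) == want
    # Server that honours Range (the Apache case above): 206 + Content-Range.
    partial = {"Content-Range": "bytes 100-199/1000"}
    assert bytes_for_range(206, partial, want, 100, 199) == want
    print("both responses yield the same 100 bytes")
```

In the 200 case the whole file has already been transferred, so a caller working with large files may prefer to abort the download once it sees the status code.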
