发表新帖
发表新帖

https only in google app engine

前端 未结
关注
5 1900
渐次进展
渐次进展 2020-12-08 19:45

I am on a google app engine project now. In my application I have to allow only https protocol. And I have to restrict other protocols. It should allow https only. I have ad

相关标签:
5条回答
  • 不知归路
    2020-12-08 19:50

    If you want to stick with "web.xml" rather than using the "app.yaml" option (which will overwrite your web.xml & appengine-web.xml files at deploy time), you can add in:

    <security-constraint>
    <web-resource-collection>
        <web-resource-name>everything</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

    Reference: https://cloud.google.com/appengine/docs/java/config/webxml#Security_and_Authentication

    0 讨论(0)
  • 傲寒
    2020-12-08 19:58

    This is for future folks !!!

    1. In java adding the code below in my web.xml file worked for me 

      <security-constraint>
   <web-resource-collection>
      <web-resource-name>HTTPS redirect</web-resource-name>
      <url-pattern>/*</url-pattern>
   </web-resource-collection>
   <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
   </user-data-constraint>
</security-constraint>

    2. For other project add secure: always under all urls in app.yaml file

    0 讨论(0)
  • 清酒与你
    2020-12-08 20:08

    It is possible to configure the individual handlers to require HTTPS in the app.yaml file in the WEB-INF folder as described here: Java Application Configuration Using app.yaml - Google App Engine.

    You just have to add these two words to your app.yaml file under the appropriate url entry:
    secure: always

    For example:

    - url: .*
  script: main.app
  secure: always

    Then if a user tries to access the URL with HTTP she will be automatically redirected to HTTPS. Pretty cool.

    0 讨论(0)
  • 抹茶落季
    2020-12-08 20:14

    Are you using your own domain? At present, GAE supports SSL for *.appspot.com domains only. They have been promising SSL support for non-appspot domains for some time now and we're all waiting for news on that front.

    0 讨论(0)
  • 南方客
    2020-12-08 20:15

    Add this to your web.xml file

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>all</web-resource-name>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>
    0 讨论(0)
 看不清?
提交回复
热议问题