Adding HSTS headers in app.yaml (Google App Engine)


I have the following handlers section in my app.yaml:
handlers:
- url: /(robots\.txt|sitemap\.xml)
  static_files: \1
  upload: (robots\.txt|sitemap\.xml)
  secure: always
  http_headers:
    Strict-Transport-Security: 'max-age=63072000; includeSubDomains; preload'
- url: /.*
  script: main.app
  secure: always
  http_headers:
    Strict-Transport-Security: 'max-age=63072000; includeSubDomains; preload'
and another subdomain, served by another submodule (static.yaml), has the following:
handlers:
- url: /
  static_dir: files
  secure: always
  http_headers:
    Access-Control-Allow-Origin: '*'
    Strict-Transport-Security: 'max-age=63072000; preload'
I was able to deploy static.yaml to App Engine without any issues:
$ appcfg.py update static.yaml
12:48 PM Host: appengine.google.com
12:48 PM Application: XXXXXX; module: static; version: 1
12:48 PM Starting update of app: XXXXXXXX, module: static, version: 1
12:48 PM Getting current resource limits.
12:48 PM Scanning files on local disk.
[...]
[...]
12:49 PM Checking if updated app version is serving.
12:49 PM Completed update of app: XXXXXX, module: static, version: 1
whereas, when I try to update the app.yaml configuration, I get:
$ appcfg.py update app.yaml
12:48 PM Host: appengine.google.com
Usage: appcfg.py [options] update <directory> | [file, ...]
appcfg.py: error: Error parsing .\app.yaml: Unexpected attribute "http_headers" for mapping type script.
in ".\app.yaml", line 31, column 1.
I understand that it means I'd have to handle HSTS configuration in my Python script itself. But I have ~10 handlers in the main.app interface. Instead of updating each of those to add the STS header, is there some alternative to do so at the app.yaml level itself?
Checking the app.yaml reference on GAE, there is no mention of a restriction on the http_headers directive in script-type mappings.
I was looking over http headers in app.yaml today and saw this. It appears to be related to your issue.
In addition, the header Strict-Transport-Security is removed from
responses served from any domains other than *.appspot.com.
https://cloud.google.com/appengine/docs/python/how-requests-are-handled#Python_Responses
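
Since app.yaml rejects http_headers on script handlers, one way to avoid editing each of the ~10 handlers is to wrap the WSGI application once so that every response gets the header. This is an added example, not code from the question or the answer; it assumes main.app is a standard WSGI application, and HSTSMiddleware, demo_app and call are hypothetical names. Per the documentation quoted above, App Engine may still strip the header on domains other than *.appspot.com.

```python
# Added example: WSGI middleware that sets HSTS on every HTTPS response.

# Header value taken from the question's app.yaml.
HSTS_VALUE = 'max-age=63072000; includeSubDomains; preload'


class HSTSMiddleware(object):
    """Wrap a WSGI app and set Strict-Transport-Security on each response."""

    def __init__(self, wsgi_app, value=HSTS_VALUE):
        self.wsgi_app = wsgi_app
        self.value = value

    def __call__(self, environ, start_response):
        def hsts_start_response(status, headers, exc_info=None):
            # Drop any copy a handler already set so the header is sent once.
            headers = [(k, v) for (k, v) in headers
                       if k.lower() != 'strict-transport-security']
            # RFC 6797: do not send HSTS over plain HTTP; browsers ignore it.
            if environ.get('wsgi.url_scheme') == 'https':
                headers.append(('Strict-Transport-Security', self.value))
            return start_response(status, headers, exc_info)
        return self.wsgi_app(environ, hsts_start_response)


def demo_app(environ, start_response):
    # Constructed stand-in for the handlers behind main.app.
    start_response('200 OK', [('Content-Type', 'text/plain'),
                              ('strict-transport-security', 'max-age=0')])
    return [b'ok']


def call(app, scheme):
    """Send one constructed request through `app`; return header tuples."""
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured['headers'] = list(headers)

    environ = {'REQUEST_METHOD': 'GET', 'PATH_INFO': '/',
               'wsgi.url_scheme': scheme}
    b''.join(app(environ, start_response))
    return captured['headers']


# In main.py the real application would be wrapped once: app = HSTSMiddleware(app)
app = HSTSMiddleware(demo_app)
```

With this in place, the http_headers block is removed from the `script: main.app` handler in app.yaml and kept only on the static handlers.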
