I write a web app on Google App Engine using Python.

Users can access my site at http://[youraccount].appspot.com and https://[youraccount].appspot.com

How do I redirect the HTTP traffic to the HTTPS site?

In other words, how do I force this site to use SSL (HTTPS) for security purposes (and for better SEO)?

2 Answers


  1. Chosen as BEST ANSWER

    Just add a secure parameter to the app.yaml file.

    handlers:
    - url: /youraccount/.*
      script: accounts.py
      login: required
      secure: always
    

    See Configuring Secure URLs in app.yaml

    Google App Engine supports secure connections via HTTPS for URLs using the *.appspot.com domain. When a request accesses a URL using HTTPS, and that URL is configured to use HTTPS in the app.yaml file, both the request data and the response data are encrypted by the sender before they are transmitted, and decrypted by the recipient after they are received. Secure connections are useful for protecting customer data, such as contact information, passwords, and private messages.


  2. For a Django project running on Google App Engine in the Flexible Environment, setting secure: always in app.yaml doesn’t work [Google Cloud docs].

    Instead, in my settings.py file, I added the following [Django docs]:

    SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
    SECURE_SSL_REDIRECT = True
    SECURE_HSTS_SECONDS = 31536000
    SECURE_HSTS_INCLUDE_SUBDOMAINS = True
    

    Note that SECURE_PROXY_SSL_HEADER is needed because the servers sit behind a load balancer.

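The redirect-plus-HSTS behaviour that both answers configure, written as a framework-free WSGI sketch to show why the proxy header matters behind a load balancer. This is an added example, not code from either answer or from Django; `ForceHTTPS`, `hello`, `demo_request` and the host `example.appspot.com` are hypothetical names constructed for the demonstration.

```python
# Added sketch, not Django's implementation. Host name below is constructed.
HSTS_VALUE = "max-age=31536000; includeSubDomains"  # same policy as the settings

class ForceHTTPS:
    """WSGI middleware: redirect plain HTTP, add HSTS to secure responses."""

    def __init__(self, app, trusted_proxy=False):
        self.app = app
        # Set True only when a load balancer overwrites X-Forwarded-Proto.
        self.trusted_proxy = trusted_proxy

    def is_secure(self, environ):
        proto = environ.get("HTTP_X_FORWARDED_PROTO")
        if self.trusted_proxy and proto is not None:
            return proto.strip().lower() == "https"
        # Otherwise the header is client-controlled and is ignored.
        return environ.get("wsgi.url_scheme") == "https"

    def __call__(self, environ, start_response):
        if not self.is_secure(environ):
            query = environ.get("QUERY_STRING", "")
            target = ("https://" + environ["HTTP_HOST"]
                      + environ.get("PATH_INFO", "/") + ("?" + query if query else ""))
            start_response("301 Moved Permanently", [("Location", target)])
            return [b""]

        def with_hsts(status, headers, exc_info=None):
            # HSTS is only meaningful on responses delivered over HTTPS.
            extra = [("Strict-Transport-Security", HSTS_VALUE)]
            return start_response(status, list(headers) + extra, exc_info)

        return self.app(environ, with_hsts)

def hello(environ, start_response):
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"ok"]

def demo_request(app, scheme="http", forwarded_proto=None, query=""):
    """Send one constructed request through app; return (status, headers)."""
    environ = {"HTTP_HOST": "example.appspot.com", "PATH_INFO": "/login",
               "QUERY_STRING": query, "wsgi.url_scheme": scheme}
    if forwarded_proto is not None:
        environ["HTTP_X_FORWARDED_PROTO"] = forwarded_proto
    seen = {}
    def start_response(status, headers, exc_info=None):
        seen["status"], seen["headers"] = status, dict(headers)
    b"".join(app(environ, start_response))
    return seen["status"], seen["headers"]
```

When TLS terminates at the load balancer, the app only ever sees `http` as its own scheme, so with `trusted_proxy=False` every request is redirected again and the browser loops. With `trusted_proxy=True` the header is believed, which is safe only if the proxy sets it on every request.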