How to force Google App Engine [python] to use SSL (https)? - SEO - PhpOut

Aaron
March 2, 2015
116 views
1 vote
2 Answers

I write a web app on Google App Engine using Python.

Users can access my site at http://[youraccount].appspot.com and https://[youraccount].appspot.com

How do I redirect the http traffic to the https site.

In other words, how do I force this site to use SSL(https) for security purpose (and for better SEO)?

Tags: google-app-engine https python

Answers

Chosen as BEST ANSWER
- Aaron
- March 2, 2015 at 1:25 pm
- 0 votes
0
Just add a secure parameter to the app.yaml file.
```
handlers:
- url: /youraccount/.*
  script: accounts.py
  login: required
  secure: always
```
See Configuring Secure URLs in app.yaml

Google App Engine supports secure connections via HTTPS for URLs using the *.appspot.com domain. When a request accesses a URL using HTTPS, and that URL is configured to use HTTPS in the app.yaml file, both the request data and the response data are encrypted by the sender before they are transmitted, and decrypted by the recipient after they are received. Secure connections are useful for protecting customer data, such as contact information, passwords, and private messages.

(Edit)

- JoshGrinberg
- February 10, 2019 at 6:27 am
- 0 votes
0
For a Django project running on Google App Engine in the Flexible Environment, setting secure: always in app.yaml doesn’t work [Google Cloud docs].

Instead, in my settings.py file, I added the following [Django docs]:
```
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
SECURE_SSL_REDIRECT = True
SECURE_HSTS_SECONDS = 31536000
SECURE_HSTS_INCLUDE_SUBDOMAINS = True
```
Note that SECURE_PROXY_SSL_HEADER is needed because the servers sit behind a load balancer.
Login or Signup to reply.

Please signup or login to give your own answer.

Click here to cancel reply.