1
我在app.yaml以下處理器部分:添加HSTS頭(谷歌應用程序引擎)
handlers:
- url: /(robots\.txt|sitemap\.xml)
static_files: \1
upload: (robots\.txt|sitemap\.xml)
secure: always
http_headers:
Strict-Transport-Security: 'max-age=63072000; includeSubDomains; preload'
- url: /.*
script: main.app
secure: always
http_headers:
Strict-Transport-Security: 'max-age=63072000; includeSubDomains; preload'
和其他子域,由另一子模塊(static.yaml)提供有以下幾點:
handlers:
- url:/
static_dir: files
secure: always
http_headers:
Access-Control-Allow-Origin: '*'
Strict-Transport-Security: 'max-age=63072000; preload'
我能夠沒有任何問題的AppEngine上部署static.yaml:
$ appcfg.py update static.yaml
12:48 PM Host: appengine.google.com
12:48 PM Application: XXXXXX; module: static; version: 1
12:48 PM
Starting update of app: XXXXXXXX, module: static, version: 1
12:48 PM Getting current resource limits.
12:48 PM Scanning files on local disk.
[...]
[...]
12:49 PM Checking if updated app version is serving.
12:49 PM Completed update of app: XXXXXX, module: static, version: 1
然而,當我嘗試更新app.yaml配置,我得到:
$ appcfg.py update app.yaml
12:48 PM Host: appengine.google.com
Usage: appcfg.py [options] update <directory> | [file, ...]
appcfg.py: error: Error parsing .\app.yaml: Unexpected attribute "http_headers" for mapping type script.
in ".\app.yaml", line 31, column 1.
我明白,這意味着我不得不處理在我的Python腳本本身HSTS配置。但是,我在main.app接口中有10個處理程序。而不是更新每個人添加STS頭,是否有一些替代方案可以在app.yaml級本身進行?
檢查app.yaml reference on GAE,在script類型映射中沒有提及限制http_header指令。
我認爲這已過時。該文檔不再提及白名單。 –
提及仍然存在,鏈接已更改:https://cloud.google.com/appengine/docs/flexible/nodejs/securing-custom-domains-with-ssl – dmitrych