https 仅在谷歌应用引擎中 [英] https only in google app engine

问题描述

我现在在做一个谷歌应用引擎项目.在我的应用程序中，我必须只允许 https 协议.而且我必须限制其他协议.它应该只允许 https.我在 web.xml 中添加了以下代码.

I am on a google app engine project now. In my application I have to allow only https protocol. And I have to restrict other protocols. It should allow https only. I have added the below code in web.xml.

<security-constraint>
    <web-resource-collection>
        <web-resource-name>Protected Area</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

但在部署后它适用于两种协议(http 和 https).如何限制http?

But after deploying it works on both the protocols(http and https). How to restrict http?

推荐答案

可以在 WEB-INF 文件夹中的 app.yaml 文件中将各个处理程序配置为需要 HTTPS，如下所述:使用 app.yaml 的 Java 应用程序配置 - Google App Engine.

It is possible to configure the individual handlers to require HTTPS in the app.yaml file in the WEB-INF folder as described here: Java Application Configuration Using app.yaml - Google App Engine.

您只需将这两个词添加到您的 app.yaml 文件中相应的 url 条目下:
安全:始终

You just have to add these two words to your app.yaml file under the appropriate url entry:
secure: always

例如:

- url: .*
  script: main.app
  secure: always

然后，如果用户尝试使用 HTTP 访问 URL，她将被自动重定向到 HTTPS.很酷.

Then if a user tries to access the URL with HTTP she will be automatically redirected to HTTPS. Pretty cool.

这篇关于https 仅在谷歌应用引擎中的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！