https 仅在谷歌应用引擎中 [英] https only in google app engine
问题描述
我现在在做一个谷歌应用引擎项目.在我的应用程序中,我必须只允许 https 协议.而且我必须限制其他协议.它应该只允许 https.我在 web.xml 中添加了以下代码.
I am on a google app engine project now. In my application I have to allow only https protocol. And I have to restrict other protocols. It should allow https only. I have added the below code in web.xml.
<security-constraint>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
但在部署后它适用于两种协议(http 和 https).如何限制http?
But after deploying it works on both the protocols(http and https). How to restrict http?
推荐答案
可以在 WEB-INF 文件夹中的 app.yaml 文件中将各个处理程序配置为需要 HTTPS,如下所述:使用 app.yaml 的 Java 应用程序配置 - Google App Engine.
It is possible to configure the individual handlers to require HTTPS in the app.yaml file in the WEB-INF folder as described here: Java Application Configuration Using app.yaml - Google App Engine.
您只需将这两个词添加到您的 app.yaml
文件中相应的 url
条目下:安全:始终
You just have to add these two words to your app.yaml
file under the appropriate url
entry:
secure: always
例如:
- url: .*
script: main.app
secure: always
然后,如果用户尝试使用 HTTP 访问 URL,她将被自动重定向到 HTTPS.很酷.
Then if a user tries to access the URL with HTTP she will be automatically redirected to HTTPS. Pretty cool.
这篇关于https 仅在谷歌应用引擎中的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!