在app.yaml中添加HSTS标头(Google App Engine) [英] Adding HSTS headers in app.yaml (Google App Engine)
问题描述
我的 app.yaml
中有以下处理程序部分:
I have the following handlers section in my app.yaml
:
handlers:
- url: /(robots\.txt|sitemap\.xml)
static_files: \1
upload: (robots\.txt|sitemap\.xml)
secure: always
http_headers:
Strict-Transport-Security: 'max-age=63072000; includeSubDomains; preload'
- url: /.*
script: main.app
secure: always
http_headers:
Strict-Transport-Security: 'max-age=63072000; includeSubDomains; preload'
由另一个子模块( static.yaml
)服务的
和另一个子域具有以下内容:
and another subdomain, served by the another submodule (static.yaml
) has the following:
handlers:
- url: /
static_dir: files
secure: always
http_headers:
Access-Control-Allow-Origin: '*'
Strict-Transport-Security: 'max-age=63072000; preload'
我能够将 static.yaml
部署到appengine中没有任何问题:
I was able to deploy static.yaml
without any issues to the appengine:
$ appcfg.py update static.yaml
12:48 PM Host: appengine.google.com
12:48 PM Application: XXXXXX; module: static; version: 1
12:48 PM
Starting update of app: XXXXXXXX, module: static, version: 1
12:48 PM Getting current resource limits.
12:48 PM Scanning files on local disk.
[...]
[...]
12:49 PM Checking if updated app version is serving.
12:49 PM Completed update of app: XXXXXX, module: static, version: 1
而当我尝试更新 app.yaml
配置时,我得到:
whereas, when I try to update the app.yaml
configuration, I get:
$ appcfg.py update app.yaml
12:48 PM Host: appengine.google.com
Usage: appcfg.py [options] update <directory> | [file, ...]
appcfg.py: error: Error parsing .\app.yaml: Unexpected attribute "http_headers" for mapping type script.
in ".\app.yaml", line 31, column 1.
我知道这意味着我必须在我的python脚本本身中处理HSTS配置.但是,我在 main.app
界面中有大约10个处理程序.
I understand that it means I'd have to handle HSTS configuration in my python script itself. But, I have ~10 handlers in the main.app
interface. Instead of updating each of those to add the STS header, is there some alternative to do so at app.yaml
level itself?
在GAE上检查 app.yaml
参考,在 script
类型映射中没有提及 http_header
指令的限制.
Checking the app.yaml
reference on GAE, there is no mention of restriction of http_header
directive in script
type mapping.
推荐答案
You can use app.yaml to control HTTP headers for static file handlers and not dynamic handlers. You would need to set the header within your app code.
这篇关于在app.yaml中添加HSTS标头(Google App Engine)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!