在app.yaml中添加HSTS标头(Google App Engine) [英] Adding HSTS headers in app.yaml (Google App Engine)

问题描述

我的 app.yaml 中有以下处理程序部分:

I have the following handlers section in my app.yaml:

handlers:
  - url: /(robots\.txt|sitemap\.xml)
    static_files: \1
    upload: (robots\.txt|sitemap\.xml)
    secure: always
    http_headers:
      Strict-Transport-Security: 'max-age=63072000; includeSubDomains; preload'
  - url: /.*
    script: main.app
    secure: always
    http_headers:
      Strict-Transport-Security: 'max-age=63072000; includeSubDomains; preload'

由另一个子模块( static.yaml )服务的

和另一个子域具有以下内容:

and another subdomain, served by the another submodule (static.yaml) has the following:

handlers:
  - url: /
    static_dir: files
    secure: always
    http_headers:
      Access-Control-Allow-Origin: '*'
      Strict-Transport-Security: 'max-age=63072000; preload'

我能够将 static.yaml 部署到appengine中没有任何问题:

I was able to deploy static.yaml without any issues to the appengine:

$ appcfg.py update static.yaml
12:48 PM Host: appengine.google.com
12:48 PM Application: XXXXXX; module: static; version: 1
12:48 PM
Starting update of app: XXXXXXXX, module: static, version: 1
12:48 PM Getting current resource limits.
12:48 PM Scanning files on local disk.
[...]
[...]
12:49 PM Checking if updated app version is serving.
12:49 PM Completed update of app: XXXXXX, module: static, version: 1

而当我尝试更新 app.yaml 配置时，我得到:

whereas, when I try to update the app.yaml configuration, I get:

$ appcfg.py update app.yaml
12:48 PM Host: appengine.google.com
Usage: appcfg.py [options] update <directory> | [file, ...]

appcfg.py: error: Error parsing .\app.yaml: Unexpected attribute "http_headers" for mapping type script.
  in ".\app.yaml", line 31, column 1.

我知道这意味着我必须在我的python脚本本身中处理HSTS配置.但是，我在 main.app 界面中有大约10个处理程序.

I understand that it means I'd have to handle HSTS configuration in my python script itself. But, I have ~10 handlers in the main.app interface. Instead of updating each of those to add the STS header, is there some alternative to do so at app.yaml level itself?

在GAE上检查 app.yaml 参考，在 script 类型映射中没有提及 http_header 指令的限制.

Checking the app.yaml reference on GAE, there is no mention of restriction of http_header directive in script type mapping.

推荐答案

您可以使用app.yaml来控制

You can use app.yaml to control HTTP headers for static file handlers and not dynamic handlers. You would need to set the header within your app code.

这篇关于在app.yaml中添加HSTS标头(Google App Engine)的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！