Enforce Https with cloud endpoints Framework v2
up vote
0
down vote
favorite
I am currently using cloud endpoints framework on an Appengine application.
Is it possible to enforce Https protocol for exposed endpoints?
Now, I am able to call my endpoints in https but also in http.
I wonder if we can set a redirection to Https like we can in appengine with the "transport-guarantee" set to CONFIDENTIAL.
As an example when I call the drive API on Http, I get the following message
{
"error": {
"errors": [
{
"domain": "global",
"reason": "sslRequired",
"message": "SSL is required to perform this operation."
}
],
"code": 403,
"message": "SSL is required to perform this operation."
}
}
I would like to have the same behavior with cloud endpoint framework.
Subsidiary questions I found no way to also set HTST on cloud endpoint framework whereas Google is promoting it.
Did I misunderstand something?
Thx!
google-cloud-platform google-cloud-endpoints google-cloud-endpoints-v2
add a comment |
up vote
0
down vote
favorite
I am currently using cloud endpoints framework on an Appengine application.
Is it possible to enforce Https protocol for exposed endpoints?
Now, I am able to call my endpoints in https but also in http.
I wonder if we can set a redirection to Https like we can in appengine with the "transport-guarantee" set to CONFIDENTIAL.
As an example when I call the drive API on Http, I get the following message
{
"error": {
"errors": [
{
"domain": "global",
"reason": "sslRequired",
"message": "SSL is required to perform this operation."
}
],
"code": 403,
"message": "SSL is required to perform this operation."
}
}
I would like to have the same behavior with cloud endpoint framework.
Subsidiary questions I found no way to also set HTST on cloud endpoint framework whereas Google is promoting it.
Did I misunderstand something?
Thx!
google-cloud-platform google-cloud-endpoints google-cloud-endpoints-v2
add a comment |
up vote
0
down vote
favorite
up vote
0
down vote
favorite
I am currently using cloud endpoints framework on an Appengine application.
Is it possible to enforce Https protocol for exposed endpoints?
Now, I am able to call my endpoints in https but also in http.
I wonder if we can set a redirection to Https like we can in appengine with the "transport-guarantee" set to CONFIDENTIAL.
As an example when I call the drive API on Http, I get the following message
{
"error": {
"errors": [
{
"domain": "global",
"reason": "sslRequired",
"message": "SSL is required to perform this operation."
}
],
"code": 403,
"message": "SSL is required to perform this operation."
}
}
I would like to have the same behavior with cloud endpoint framework.
Subsidiary questions I found no way to also set HTST on cloud endpoint framework whereas Google is promoting it.
Did I misunderstand something?
Thx!
google-cloud-platform google-cloud-endpoints google-cloud-endpoints-v2
I am currently using cloud endpoints framework on an Appengine application.
Is it possible to enforce Https protocol for exposed endpoints?
Now, I am able to call my endpoints in https but also in http.
I wonder if we can set a redirection to Https like we can in appengine with the "transport-guarantee" set to CONFIDENTIAL.
As an example when I call the drive API on Http, I get the following message
{
"error": {
"errors": [
{
"domain": "global",
"reason": "sslRequired",
"message": "SSL is required to perform this operation."
}
],
"code": 403,
"message": "SSL is required to perform this operation."
}
}
I would like to have the same behavior with cloud endpoint framework.
Subsidiary questions I found no way to also set HTST on cloud endpoint framework whereas Google is promoting it.
Did I misunderstand something?
Thx!
google-cloud-platform google-cloud-endpoints google-cloud-endpoints-v2
google-cloud-platform google-cloud-endpoints google-cloud-endpoints-v2
edited Nov 9 at 12:59
asked Nov 9 at 10:55
chaiyachaiya
1,2841013
1,2841013
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
up vote
1
down vote
accepted
If you're using Endpoints Frameworks, that's just a code library for doing API policy enforcement (API keys, rate limiting, etc.), which means Endpoints is only involved after an HTTPS or HTTP connection has been established.
Since you're running your API on App Engine, I'd recommend trying to make your AppEngine app HTTPS-only.
add a comment |
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
1
down vote
accepted
If you're using Endpoints Frameworks, that's just a code library for doing API policy enforcement (API keys, rate limiting, etc.), which means Endpoints is only involved after an HTTPS or HTTP connection has been established.
Since you're running your API on App Engine, I'd recommend trying to make your AppEngine app HTTPS-only.
add a comment |
up vote
1
down vote
accepted
If you're using Endpoints Frameworks, that's just a code library for doing API policy enforcement (API keys, rate limiting, etc.), which means Endpoints is only involved after an HTTPS or HTTP connection has been established.
Since you're running your API on App Engine, I'd recommend trying to make your AppEngine app HTTPS-only.
add a comment |
up vote
1
down vote
accepted
up vote
1
down vote
accepted
If you're using Endpoints Frameworks, that's just a code library for doing API policy enforcement (API keys, rate limiting, etc.), which means Endpoints is only involved after an HTTPS or HTTP connection has been established.
Since you're running your API on App Engine, I'd recommend trying to make your AppEngine app HTTPS-only.
If you're using Endpoints Frameworks, that's just a code library for doing API policy enforcement (API keys, rate limiting, etc.), which means Endpoints is only involved after an HTTPS or HTTP connection has been established.
Since you're running your API on App Engine, I'd recommend trying to make your AppEngine app HTTPS-only.
answered Nov 9 at 20:31
Andrew Gunsch
761
761
add a comment |
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53224370%2fenforce-https-with-cloud-endpoints-framework-v2%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown