CODEWITHSUNDEEP
google-app-engine
Uri Lukach
Uri Lukach

Reputation: 1121

Google App Engine - Does not redirect HTTP traffic to HTTPS

I have recently installed a GoDaddy certificate on my Google App Engine Java App. All went well and HTTPS links are working when directly accessed.

When I tried to configure all the links which needs to be secured in Web.xml I encountered a redirection issue. From some reason GAE acknowledges the links should be secured but it fails to redirect them to HTTPS (as it should).

I used the following definition in Web.xml:

  <security-constraint>
     <display-name>SecurityConstraint</display-name>
      <web-resource-collection>            
         <url-pattern>/Login.html</url-pattern>
        <url-pattern>/Register.html</url-pattern>
        <url-pattern>/Billing.html</url-pattern>
        <url-pattern>/PurchaseCredit.html</url-pattern>
        <url-pattern>/PastPurchases.html</url-pattern>                                              
      </web-resource-collection>
      <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
      </user-data-constraint>
  </security-constraint>

Example: when I try to reach 

       http://MyDomain/Login.html

I get:HTTP Error 403 (Forbidden): The server refused to fulfill the request.

Instead of: 

       https://MyDomain/Login.html

Upvotes: 0

Views: 902

Answers (1)

Uri Lukach
Uri Lukach

Reputation: 1121

It seems that when I turned off Google PageSpeed the problem is solved.

I just read that Google published special notification regarding PageSpeed and HTTPS

https://developers.google.com/speed/docs/pss/faq

It seems that to integrate these two you have to email them for further instructions.

Either way, I am happy I found this, and hope it will save you guys a lot of time.

Upvotes: 4

Related Questions