Reputation: 39909
GAE task, are the urls secure by design?
I'm trying to wrap my head around Google App Engine and more specifically at the Tasks.
My question is about security, if I define a queue like :
- url: /queues/long-task
script: urlhandlers.QueueLongTask.app
login: admin
Will I be sure that the /queues/long-task can only be accessed by admin AND task system ? I was not able to find a reference about this in the Google documentation.
Thank you in advance
Upvotes: 0
Views: 572
Answers (1)
Reputation: 5448
You are correct, login: admin takes care of it.
Here you can find more info on the documentation: https://cloud.google.com/appengine/docs/python/taskqueue/overview-push#Python_Securing_URLs_for_tasks
You can also use the headers like X-AppEngine-QueueName if you want to do specific things only when this is called from a task:
"These headers are set internally by Google App Engine. If your request handler finds any of these headers, it can trust that the request is a Task Queue request. If any of the above headers are present in an external user request to your app, they are stripped."
Upvotes: 3
Related Questions
- Run PHP Task Asynchronously
- GAE : What is the preferred way of ensuring an outside task really finishes?
- do google app engine pull queues return tasks in FIFO order?
- How do I create push queue tasks for multiple queues
- How GAE detect the right handler for a task queue?
- GAE Golang - How to properly schedule a Task Queue to a Backend?
- Is there a way to assure FIFO (first in, first out) behavior with Task Queues on GAE?
- error when using task queue
- What is meant by 'bucket-size' of queue in the google app engine?