Hi all, I have a simple internal website running on App Engine that is only supposed to be available to people in my organization.
To do this, under App Engine settings I set "Google Authentication" to "Google Apps Domain" and set that to mydomain.com. Then on the main App Engine settings page it shows "Referrers" as "Google Apps domain: mydomain.com". This seemed to work well. If you go to that page from any browser, then it asks for your login to @mydomain.com and refuses logins from other (google) domains like @gmail.com. When I am using Chrome, I use two personas: a @mydomain.com email/persona and my personal @gmail.com email/persona. However, if I am logged in as my regular gmail account, I can access the @mydomain App Engine site! I cannot access from an incognito window, nor from Safari (which is only logged into my @gmail), nor from Firefox. The App Engine site is accessed via an appspot.com address and set to secure:always in app.yaml, so it is https, but it is not served from https://mydomain.com. This seems like strange behavior. Does anyone know why this would happen? It is making me concerned about the accessibility of the site to people outside the organization. Thanks, Brian -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To unsubscribe from this group and stop receiving emails from it, send an email to google-appengine+unsubscr...@googlegroups.com. To post to this group, send email to google-appengine@googlegroups.com. Visit this group at https://groups.google.com/group/google-appengine. To view this discussion on the web visit https://groups.google.com/d/msgid/google-appengine/e477f1d6-05de-4b1c-bc68-8dc0248f1875%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.