Re: [google-appengine] how to check virus for the uploaded files?
On Sat, May 24, 2014 at 9:34 AM, saintthor saintt...@gmail.com wrote: i want to set a service for users to upload and download files. there may be virus or other risks in the files. can i check them? There are online virus-scanning tools you can use via API such as: https://scanii.com/ and https://www.virustotal.com/en/documentation/public-api/ . Alternately you can use a Compute Engine machinehttps://cloud.google.com/products/compute-engine/ /Managed VM https://developers.google.com/cloud/managed-vms, install an anti-virus scanning engine, then run all your uploaded files through there. If you don't want to handle virus scanning yourself, you could try requiring users to upload files from a trusted source. For example, Google Drive virus scans files under 25MBhttps://support.google.com/a/answer/172541?hl=en- you could have users upload to GDrive, then select files using the Drive API https://developers.google.com/drive/v2/reference/. - -Vinny P Technology Media Advisor Chicago, IL App Engine Code Samples: http://www.learntogoogleit.com -- You received this message because you are subscribed to the Google Groups Google App Engine group. To unsubscribe from this group and stop receiving emails from it, send an email to google-appengine+unsubscr...@googlegroups.com. To post to this group, send email to google-appengine@googlegroups.com. Visit this group at http://groups.google.com/group/google-appengine. For more options, visit https://groups.google.com/d/optout.
Re: [google-appengine] dev_appserver.py cannot connect to some HTTP endpoint
On Fri, May 23, 2014 at 3:49 PM, Marco Lovato maglov...@gmail.com wrote: INFO 2014-05-23 20:44:07,649 sdk_update_checker.py:242] Checking for updates to the SDK. INFO 2014-05-23 20:44:07,978 __init__.py:94] Connecting through tunnel to: appengine.google.com:443 INFO 2014-05-23 20:44:09,632 api_server.py:171] Starting API server at: http://localhost:32938 INFO 2014-05-23 20:44:09,655 dispatcher.py:182] Starting module default running at: http://0.0.0.0:8080 So what's strange is that it looks like the SDK is trying to check for updates, but I don't see any followup text (i.e. it should say something along the lines of upgrade now or sdk up to date). Can you connect your work computer to your corporate network's DMZhttp://en.wikipedia.org/wiki/DMZ_(computing) or public wifi and then run the development appserver? If you can't, try this: search your computer for a file named *.appcfg_nag* (including the prefixed period). Open it, then change the *opt_in* property to *false*. This should turn off the SDK update checker. Try running the development appserver again. - -Vinny P Technology Media Advisor Chicago, IL App Engine Code Samples: http://www.learntogoogleit.com -- You received this message because you are subscribed to the Google Groups Google App Engine group. To unsubscribe from this group and stop receiving emails from it, send an email to google-appengine+unsubscr...@googlegroups.com. To post to this group, send email to google-appengine@googlegroups.com. Visit this group at http://groups.google.com/group/google-appengine. For more options, visit https://groups.google.com/d/optout.
Re: [google-appengine] Service error from AppEngine
On Sun, May 25, 2014 at 10:41 AM, Build Account newandroi...@gmail.com wrote: How to fix this error? It seem that occured somtime from FilterChain. java.lang.NullPointerException at org.apache.jsp.index_jsp._jspService(index_jsp.java:65) at ...dFilter.doFilter(Unknown Source) Can you supply the source code of your filter ( *...dFilter* )? - -Vinny P Technology Media Advisor Chicago, IL App Engine Code Samples: http://www.learntogoogleit.com -- You received this message because you are subscribed to the Google Groups Google App Engine group. To unsubscribe from this group and stop receiving emails from it, send an email to google-appengine+unsubscr...@googlegroups.com. To post to this group, send email to google-appengine@googlegroups.com. Visit this group at http://groups.google.com/group/google-appengine. For more options, visit https://groups.google.com/d/optout.
Re: [google-appengine] HttpOnly-Cookie in Java?
On Fri, May 23, 2014 at 2:53 AM, stephanos stephan.beh...@gmail.com wrote: Well, this can't be! How are others solving this? On Wed, Apr 30, 2014 at 3:09 AM, Vinny P vinny...@gmail.com wrote: I don't believe there's a way to do that. If you want a workaround, you could try hosting a HTTPS version of your site on one subdomain, and the regular HTTP version on another subdomain. Mark the cookie as only available on a single subdomain. There are a couple of ways to solve this. The easiest would be to make your site available through HTTPS only - detect if the user is using an unencrypted connection, and if so, redirect to the HTTPS equivalent URL. Forcing HTTPS everywhere isn't too much of a burden - a Gmail engineer wrote that SSL accounts for less than 1% of CPU load and less than 2% of network overheadhttps://www.imperialviolet.org/2010/06/25/overclocking-ssl.html . Another way - as I noted above - is to use unencrypted connections on one subdomain and force HTTPS if using a site through a separate subdomain. Reddit does this: most connections on reddit are unencrypted, try this link and inspect in the console: http://www.reddit.com/r/google But if you use the pay.reddit.com subdomain, all communications are forced to be encrypted. Inspect this page in your console: https://pay.reddit.com/r/google . If you try and visit pay.reddit.comwithout using HTTPS, you'll get an error message: http://imgur.com/9K81FoB Another alternative is to set up nginx or another server as a reverse proxy, and configure it to rewrite cookies with respect to secure/unsecure connections. This option is difficult to configure though. - -Vinny P Technology Media Advisor Chicago, IL App Engine Code Samples: http://www.learntogoogleit.com -- You received this message because you are subscribed to the Google Groups Google App Engine group. To unsubscribe from this group and stop receiving emails from it, send an email to google-appengine+unsubscr...@googlegroups.com. To post to this group, send email to google-appengine@googlegroups.com. Visit this group at http://groups.google.com/group/google-appengine. For more options, visit https://groups.google.com/d/optout.
Re: [google-appengine] HttpOnly-Cookie in Java?
Hey Vinny, thanks for your detailed response! But it seems you are talking about the 'Secure'-flag - not the 'HttpOnly'-flag. Because the 'HttpOnly'-flag has nothing to do with HTTPS/HTTP: It prevents Javascript from accessing the cookie. So even if we use HTTPS everywhere (which we do) if someone is able to inject Javascript into our application it can read the session cookie! On Monday, May 26, 2014 10:18:34 AM UTC+2, Vinny P wrote: On Fri, May 23, 2014 at 2:53 AM, stephanos stephan...@gmail.comjavascript: wrote: Well, this can't be! How are others solving this? On Wed, Apr 30, 2014 at 3:09 AM, Vinny P vinn...@gmail.com javascript: wrote: I don't believe there's a way to do that. If you want a workaround, you could try hosting a HTTPS version of your site on one subdomain, and the regular HTTP version on another subdomain. Mark the cookie as only available on a single subdomain. There are a couple of ways to solve this. The easiest would be to make your site available through HTTPS only - detect if the user is using an unencrypted connection, and if so, redirect to the HTTPS equivalent URL. Forcing HTTPS everywhere isn't too much of a burden - a Gmail engineer wrote that SSL accounts for less than 1% of CPU load and less than 2% of network overheadhttps://www.imperialviolet.org/2010/06/25/overclocking-ssl.html . Another way - as I noted above - is to use unencrypted connections on one subdomain and force HTTPS if using a site through a separate subdomain. Reddit does this: most connections on reddit are unencrypted, try this link and inspect in the console: http://www.reddit.com/r/google But if you use the pay.reddit.com subdomain, all communications are forced to be encrypted. Inspect this page in your console: https://pay.reddit.com/r/google . If you try and visit pay.reddit.comwithout using HTTPS, you'll get an error message: http://imgur.com/9K81FoB Another alternative is to set up nginx or another server as a reverse proxy, and configure it to rewrite cookies with respect to secure/unsecure connections. This option is difficult to configure though. - -Vinny P Technology Media Advisor Chicago, IL App Engine Code Samples: http://www.learntogoogleit.com -- You received this message because you are subscribed to the Google Groups Google App Engine group. To unsubscribe from this group and stop receiving emails from it, send an email to google-appengine+unsubscr...@googlegroups.com. To post to this group, send email to google-appengine@googlegroups.com. Visit this group at http://groups.google.com/group/google-appengine. For more options, visit https://groups.google.com/d/optout.
Re: [google-appengine] HttpOnly-Cookie in Java?
Hi Stephanos, Please find here some suggenstions how to set the httponly flag for session cookies on servlet containers prior to JEE6: https://www.owasp.org/index.php/HttpOnly#What_is_HttpOnly.3F Best regards, Stephan 2014-05-26 10:22 GMT+02:00 stephanos stephan.beh...@gmail.com: Hey Vinny, thanks for your detailed response! But it seems you are talking about the 'Secure'-flag - not the 'HttpOnly'-flag. Because the 'HttpOnly'-flag has nothing to do with HTTPS/HTTP: It prevents Javascript from accessing the cookie. So even if we use HTTPS everywhere (which we do) if someone is able to inject Javascript into our application it can read the session cookie! On Monday, May 26, 2014 10:18:34 AM UTC+2, Vinny P wrote: On Fri, May 23, 2014 at 2:53 AM, stephanos stephan...@gmail.com wrote: Well, this can't be! How are others solving this? On Wed, Apr 30, 2014 at 3:09 AM, Vinny P vinn...@gmail.com wrote: I don't believe there's a way to do that. If you want a workaround, you could try hosting a HTTPS version of your site on one subdomain, and the regular HTTP version on another subdomain. Mark the cookie as only available on a single subdomain. There are a couple of ways to solve this. The easiest would be to make your site available through HTTPS only - detect if the user is using an unencrypted connection, and if so, redirect to the HTTPS equivalent URL. Forcing HTTPS everywhere isn't too much of a burden - a Gmail engineer wrote that SSL accounts for less than 1% of CPU load and less than 2% of network overheadhttps://www.imperialviolet.org/2010/06/25/overclocking-ssl.html . Another way - as I noted above - is to use unencrypted connections on one subdomain and force HTTPS if using a site through a separate subdomain. Reddit does this: most connections on reddit are unencrypted, try this link and inspect in the console: http://www.reddit.com/r/google But if you use the pay.reddit.com subdomain, all communications are forced to be encrypted. Inspect this page in your console: https://pay.reddit.com/r/google . If you try and visit pay.reddit.comwithout using HTTPS, you'll get an error message: http://imgur.com/9K81FoB Another alternative is to set up nginx or another server as a reverse proxy, and configure it to rewrite cookies with respect to secure/unsecure connections. This option is difficult to configure though. - -Vinny P Technology Media Advisor Chicago, IL App Engine Code Samples: http://www.learntogoogleit.com -- You received this message because you are subscribed to the Google Groups Google App Engine group. To unsubscribe from this group and stop receiving emails from it, send an email to google-appengine+unsubscr...@googlegroups.com. To post to this group, send email to google-appengine@googlegroups.com. Visit this group at http://groups.google.com/group/google-appengine. For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups Google App Engine group. To unsubscribe from this group and stop receiving emails from it, send an email to google-appengine+unsubscr...@googlegroups.com. To post to this group, send email to google-appengine@googlegroups.com. Visit this group at http://groups.google.com/group/google-appengine. For more options, visit https://groups.google.com/d/optout.
Re: [google-appengine] dev_appserver.py cannot connect to some HTTP endpoint
Did that... Same problem, except that, yes, it do not try to check for upgrade. Didn´t know in fact if it succeded or not in contacting GAE servers, and did not remember if @home, there´s a differente feedback on console. The strage part is that I can do an appcfg.py update. It really works. But cannot run it in dev mode. And my machine, besides is running on my Work, was installed by me, same way (same distro) I installed @home. Tks again Marco -- You received this message because you are subscribed to the Google Groups Google App Engine group. To unsubscribe from this group and stop receiving emails from it, send an email to google-appengine+unsubscr...@googlegroups.com. To post to this group, send email to google-appengine@googlegroups.com. Visit this group at http://groups.google.com/group/google-appengine. For more options, visit https://groups.google.com/d/optout.
Re: [google-appengine] dev_appserver.py cannot connect to some HTTP endpoint
One addition: port 8000 works. I can use the admin UI. The 8080 is the tcp port that does not work. -- You received this message because you are subscribed to the Google Groups Google App Engine group. To unsubscribe from this group and stop receiving emails from it, send an email to google-appengine+unsubscr...@googlegroups.com. To post to this group, send email to google-appengine@googlegroups.com. Visit this group at http://groups.google.com/group/google-appengine. For more options, visit https://groups.google.com/d/optout.
Re: [google-appengine] dev_appserver.py cannot connect to some HTTP endpoint
Ok. Some progress... If i completelly unset proxy, and tell to skip updates, I can yes bring the 8080 up. So, its the dame proxy... But, why... -- You received this message because you are subscribed to the Google Groups Google App Engine group. To unsubscribe from this group and stop receiving emails from it, send an email to google-appengine+unsubscr...@googlegroups.com. To post to this group, send email to google-appengine@googlegroups.com. Visit this group at http://groups.google.com/group/google-appengine. For more options, visit https://groups.google.com/d/optout.
Re: [google-appengine] dev_appserver.py cannot connect to some HTTP endpoint
Looks like it is sending to proxy the localhost requests... -- You received this message because you are subscribed to the Google Groups Google App Engine group. To unsubscribe from this group and stop receiving emails from it, send an email to google-appengine+unsubscr...@googlegroups.com. To post to this group, send email to google-appengine@googlegroups.com. Visit this group at http://groups.google.com/group/google-appengine. For more options, visit https://groups.google.com/d/optout.
Re: [google-appengine] HttpOnly-Cookie in Java?
Hey Stephan, thanks for the suggestion! But doesn't this solution write the JSESSIONID on every request? And it seems to only work after the 2nd HTTP request? Regards Stephan :) On Monday, May 26, 2014 12:57:30 PM UTC+2, Stephan Hartmann wrote: Hi Stephanos, Please find here some suggenstions how to set the httponly flag for session cookies on servlet containers prior to JEE6: https://www.owasp.org/index.php/HttpOnly#What_is_HttpOnly.3F Best regards, Stephan 2014-05-26 10:22 GMT+02:00 stephanos stephan...@gmail.com javascript:: Hey Vinny, thanks for your detailed response! But it seems you are talking about the 'Secure'-flag - not the 'HttpOnly'-flag. Because the 'HttpOnly'-flag has nothing to do with HTTPS/HTTP: It prevents Javascript from accessing the cookie. So even if we use HTTPS everywhere (which we do) if someone is able to inject Javascript into our application it can read the session cookie! On Monday, May 26, 2014 10:18:34 AM UTC+2, Vinny P wrote: On Fri, May 23, 2014 at 2:53 AM, stephanos stephan...@gmail.com wrote: Well, this can't be! How are others solving this? On Wed, Apr 30, 2014 at 3:09 AM, Vinny P vinn...@gmail.com wrote: I don't believe there's a way to do that. If you want a workaround, you could try hosting a HTTPS version of your site on one subdomain, and the regular HTTP version on another subdomain. Mark the cookie as only available on a single subdomain. There are a couple of ways to solve this. The easiest would be to make your site available through HTTPS only - detect if the user is using an unencrypted connection, and if so, redirect to the HTTPS equivalent URL. Forcing HTTPS everywhere isn't too much of a burden - a Gmail engineer wrote that SSL accounts for less than 1% of CPU load and less than 2% of network overheadhttps://www.imperialviolet.org/2010/06/25/overclocking-ssl.html . Another way - as I noted above - is to use unencrypted connections on one subdomain and force HTTPS if using a site through a separate subdomain. Reddit does this: most connections on reddit are unencrypted, try this link and inspect in the console: http://www.reddit.com/r/google But if you use the pay.reddit.com subdomain, all communications are forced to be encrypted. Inspect this page in your console: https://pay.reddit.com/r/google . If you try and visit pay.reddit.comwithout using HTTPS, you'll get an error message: http://imgur.com/9K81FoB Another alternative is to set up nginx or another server as a reverse proxy, and configure it to rewrite cookies with respect to secure/unsecure connections. This option is difficult to configure though. - -Vinny P Technology Media Advisor Chicago, IL App Engine Code Samples: http://www.learntogoogleit.com -- You received this message because you are subscribed to the Google Groups Google App Engine group. To unsubscribe from this group and stop receiving emails from it, send an email to google-appengi...@googlegroups.com javascript:. To post to this group, send email to google-a...@googlegroups.comjavascript: . Visit this group at http://groups.google.com/group/google-appengine. For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups Google App Engine group. To unsubscribe from this group and stop receiving emails from it, send an email to google-appengine+unsubscr...@googlegroups.com. To post to this group, send email to google-appengine@googlegroups.com. Visit this group at http://groups.google.com/group/google-appengine. For more options, visit https://groups.google.com/d/optout.
Re: [google-appengine] dev_appserver.py cannot connect to some HTTP endpoint
Yes, it is. I removed the opener.add_handler(fancy_urllib.FancyProxyHandler()) from appengine/tools/appengine_rpc.py Then I added an if 'localhost' not in host to add the proxy or not. This way I can start without having to disable GAE updates. Now the app loads. BUT inside the app, I still didnt managed to make python Requests to run with Proxy :-) Will left my appengine_rpc.py hacked, but this is a problem, isnt? Marco -- You received this message because you are subscribed to the Google Groups Google App Engine group. To unsubscribe from this group and stop receiving emails from it, send an email to google-appengine+unsubscr...@googlegroups.com. To post to this group, send email to google-appengine@googlegroups.com. Visit this group at http://groups.google.com/group/google-appengine. For more options, visit https://groups.google.com/d/optout.
Re: [google-appengine] HttpOnly-Cookie in Java?
Hi Stephan, request.getSession() creates a new session if there isn't already one (what's true for the first request) and its ID is available immediately after that, so it will work for the first request as well. If you are creating your sessions programmatically, you may know where request.getSession() is called and you could set the session cookie just immediately afterwards. Another solution would be a servlet filter that wraps the response and overrides the setHeader(String name, String value) method and check for calls with SET-COOKIE for name and values beginning with JSESSIONID and if it's the case, just append ; HttpOnly to the value before calling the setHeader method of the wrapped response. HTH, Stephan 2014-05-26 13:56 GMT+02:00 stephanos stephan.beh...@gmail.com: Hey Stephan, thanks for the suggestion! But doesn't this solution write the JSESSIONID on every request? And it seems to only work after the 2nd HTTP request? Regards Stephan :) On Monday, May 26, 2014 12:57:30 PM UTC+2, Stephan Hartmann wrote: Hi Stephanos, Please find here some suggenstions how to set the httponly flag for session cookies on servlet containers prior to JEE6: https://www.owasp.org/index.php/HttpOnly#What_is_HttpOnly.3F Best regards, Stephan 2014-05-26 10:22 GMT+02:00 stephanos stephan...@gmail.com: Hey Vinny, thanks for your detailed response! But it seems you are talking about the 'Secure'-flag - not the 'HttpOnly'-flag. Because the 'HttpOnly'-flag has nothing to do with HTTPS/HTTP: It prevents Javascript from accessing the cookie. So even if we use HTTPS everywhere (which we do) if someone is able to inject Javascript into our application it can read the session cookie! On Monday, May 26, 2014 10:18:34 AM UTC+2, Vinny P wrote: On Fri, May 23, 2014 at 2:53 AM, stephanos stephan...@gmail.com wrote: Well, this can't be! How are others solving this? On Wed, Apr 30, 2014 at 3:09 AM, Vinny P vinn...@gmail.com wrote: I don't believe there's a way to do that. If you want a workaround, you could try hosting a HTTPS version of your site on one subdomain, and the regular HTTP version on another subdomain. Mark the cookie as only available on a single subdomain. There are a couple of ways to solve this. The easiest would be to make your site available through HTTPS only - detect if the user is using an unencrypted connection, and if so, redirect to the HTTPS equivalent URL. Forcing HTTPS everywhere isn't too much of a burden - a Gmail engineer wrote that SSL accounts for less than 1% of CPU load and less than 2% of network overheadhttps://www.imperialviolet.org/2010/06/25/overclocking-ssl.html . Another way - as I noted above - is to use unencrypted connections on one subdomain and force HTTPS if using a site through a separate subdomain. Reddit does this: most connections on reddit are unencrypted, try this link and inspect in the console: http://www.reddit.com/r/google But if you use the pay.reddit.com subdomain, all communications are forced to be encrypted. Inspect this page in your console: https://pay.reddit.com/r/google . If you try and visit pay.reddit.comwithout using HTTPS, you'll get an error message: http://imgur.com/9K81FoB Another alternative is to set up nginx or another server as a reverse proxy, and configure it to rewrite cookies with respect to secure/unsecure connections. This option is difficult to configure though. - -Vinny P Technology Media Advisor Chicago, IL App Engine Code Samples: http://www.learntogoogleit.com -- You received this message because you are subscribed to the Google Groups Google App Engine group. To unsubscribe from this group and stop receiving emails from it, send an email to google-appengi...@googlegroups.com. To post to this group, send email to google-a...@googlegroups.com. Visit this group at http://groups.google.com/group/google-appengine. For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups Google App Engine group. To unsubscribe from this group and stop receiving emails from it, send an email to google-appengine+unsubscr...@googlegroups.com. To post to this group, send email to google-appengine@googlegroups.com. Visit this group at http://groups.google.com/group/google-appengine. For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups Google App Engine group. To unsubscribe from this group and stop receiving emails from it, send an email to google-appengine+unsubscr...@googlegroups.com. To post to this group, send email to google-appengine@googlegroups.com. Visit this group at http://groups.google.com/group/google-appengine. For more options, visit https://groups.google.com/d/optout.
Re: [google-appengine] HttpOnly-Cookie in Java?
Hi Stephan, you are right, I didn't think about it this way. Thanks for going into detail :) PS: I tried the solution with the setHeader() a while ago and if I remember correctly the JSESSIONID-Cookie never went through this method. Could be because of App Engine, not sure. On Monday, May 26, 2014 4:29:39 PM UTC+2, Stephan Hartmann wrote: Hi Stephan, request.getSession() creates a new session if there isn't already one (what's true for the first request) and its ID is available immediately after that, so it will work for the first request as well. If you are creating your sessions programmatically, you may know where request.getSession() is called and you could set the session cookie just immediately afterwards. Another solution would be a servlet filter that wraps the response and overrides the setHeader(String name, String value) method and check for calls with SET-COOKIE for name and values beginning with JSESSIONID and if it's the case, just append ; HttpOnly to the value before calling the setHeader method of the wrapped response. HTH, Stephan 2014-05-26 13:56 GMT+02:00 stephanos stephan...@gmail.com javascript:: Hey Stephan, thanks for the suggestion! But doesn't this solution write the JSESSIONID on every request? And it seems to only work after the 2nd HTTP request? Regards Stephan :) On Monday, May 26, 2014 12:57:30 PM UTC+2, Stephan Hartmann wrote: Hi Stephanos, Please find here some suggenstions how to set the httponly flag for session cookies on servlet containers prior to JEE6: https://www.owasp.org/index.php/HttpOnly#What_is_HttpOnly.3F Best regards, Stephan 2014-05-26 10:22 GMT+02:00 stephanos stephan...@gmail.com: Hey Vinny, thanks for your detailed response! But it seems you are talking about the 'Secure'-flag - not the 'HttpOnly'-flag. Because the 'HttpOnly'-flag has nothing to do with HTTPS/HTTP: It prevents Javascript from accessing the cookie. So even if we use HTTPS everywhere (which we do) if someone is able to inject Javascript into our application it can read the session cookie! On Monday, May 26, 2014 10:18:34 AM UTC+2, Vinny P wrote: On Fri, May 23, 2014 at 2:53 AM, stephanos stephan...@gmail.com wrote: Well, this can't be! How are others solving this? On Wed, Apr 30, 2014 at 3:09 AM, Vinny P vinn...@gmail.com wrote: I don't believe there's a way to do that. If you want a workaround, you could try hosting a HTTPS version of your site on one subdomain, and the regular HTTP version on another subdomain. Mark the cookie as only available on a single subdomain. There are a couple of ways to solve this. The easiest would be to make your site available through HTTPS only - detect if the user is using an unencrypted connection, and if so, redirect to the HTTPS equivalent URL. Forcing HTTPS everywhere isn't too much of a burden - a Gmail engineer wrote that SSL accounts for less than 1% of CPU load and less than 2% of network overheadhttps://www.imperialviolet.org/2010/06/25/overclocking-ssl.html . Another way - as I noted above - is to use unencrypted connections on one subdomain and force HTTPS if using a site through a separate subdomain. Reddit does this: most connections on reddit are unencrypted, try this link and inspect in the console: http://www.reddit.com/r/google But if you use the pay.reddit.com subdomain, all communications are forced to be encrypted. Inspect this page in your console: https://pay.reddit.com/r/google . If you try and visit pay.reddit.comwithout using HTTPS, you'll get an error message: http://imgur.com/9K81FoB Another alternative is to set up nginx or another server as a reverse proxy, and configure it to rewrite cookies with respect to secure/unsecure connections. This option is difficult to configure though. - -Vinny P Technology Media Advisor Chicago, IL App Engine Code Samples: http://www.learntogoogleit.com -- You received this message because you are subscribed to the Google Groups Google App Engine group. To unsubscribe from this group and stop receiving emails from it, send an email to google-appengi...@googlegroups.com. To post to this group, send email to google-a...@googlegroups.com. Visit this group at http://groups.google.com/group/google-appengine. For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups Google App Engine group. To unsubscribe from this group and stop receiving emails from it, send an email to google-appengi...@googlegroups.com javascript:. To post to this group, send email to google-a...@googlegroups.comjavascript: . Visit this group at http://groups.google.com/group/google-appengine. For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups Google
Re: [google-appengine] Blobstore returns incorrect url
As in deploy it to the web? I dont know. I really need to be able to get it working locally first anyway. Thanks Aidan On Saturday, 10 May 2014 06:27:59 UTC+1, Vinny P wrote: On Fri, May 9, 2014 at 7:45 AM, Aidan Mack aida...@hotmail.comjavascript: wrote: Hi im having trouble returning the correct url from blob store. Could it be because Im logged in as a admin? ... You must be logged in as admin to see the page. If you deploy your application into production App Engine, is the correct blobstore URL returned? - -Vinny P Technology Media Advisor Chicago, IL App Engine Code Samples: http://www.learntogoogleit.com -- You received this message because you are subscribed to the Google Groups Google App Engine group. To unsubscribe from this group and stop receiving emails from it, send an email to google-appengine+unsubscr...@googlegroups.com. To post to this group, send email to google-appengine@googlegroups.com. Visit this group at http://groups.google.com/group/google-appengine. For more options, visit https://groups.google.com/d/optout.