Re: [web2py] Re: Forcing SSL mode (on GAE)
Hi, you use the yaml configuration to force ssl, such as: handlers: - url: /youraccount/.* script: accounts.py login: required secure: always see https://developers.google.com/appengine/docs/python/config/appconfig#Python_app_yaml_Secure_URLs Cheers! pd Am Donnerstag, 7. Februar 2013 08:24:43 UTC+1 schrieb Philip Kilner: > > Hi, > > On 06/02/13 20:45, howesc wrote: > > if you want all requests in SSL it sounds like the best thing to me. > > > > Yes, it's working very well from my PoV - but my needs are very simple > in that I want to force SSL for everything. I'm used to doing this in > Apache, so haven't previously had to think about it enforcing it within > the app. > > There was a browser-specific issue where e.g. Firefox worked > immediately, but Chrome blocked the jQuery scripts from Google's CDN on > the basis that they were insecure. Changing the link to the scripts to > https sorted that. > > > note that on GAE if you want to use SSL and a custom domain you have to > > purchase additional add-ons to the GAE service. https on the > > appspot.com domain is free. > > > > Understood - I'm happy withe the appspot.com URL, FWIW. > > > -- > > Regards, > > PhilK > > > 'a bell is a cup...until it is struck' > > -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [web2py] Re: Forcing SSL mode (on GAE)
Hi, On 06/02/13 20:45, howesc wrote: if you want all requests in SSL it sounds like the best thing to me. Yes, it's working very well from my PoV - but my needs are very simple in that I want to force SSL for everything. I'm used to doing this in Apache, so haven't previously had to think about it enforcing it within the app. There was a browser-specific issue where e.g. Firefox worked immediately, but Chrome blocked the jQuery scripts from Google's CDN on the basis that they were insecure. Changing the link to the scripts to https sorted that. note that on GAE if you want to use SSL and a custom domain you have to purchase additional add-ons to the GAE service. https on the appspot.com domain is free. Understood - I'm happy withe the appspot.com URL, FWIW. -- Regards, PhilK 'a bell is a cup...until it is struck' -- --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[web2py] Re: Forcing SSL mode (on GAE)
if you want all requests in SSL it sounds like the best thing to me. note that on GAE if you want to use SSL and a custom domain you have to purchase additional add-ons to the GAE service. https on the appspot.com domain is free. cfh On Tuesday, February 5, 2013 9:49:34 AM UTC-8, Philip Kilner wrote: > > Hi All, > > Am just about to test using "request.requires_https()" to force my GAE > sessions into SSL mode. > > Is this the best way to do it (a) generally or (b) on GAE in particular? > > > -- > > Regards, > > PhilK > > > 'a bell is a cup...until it is struck' > > -- --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.