Enforce Https with cloud endpoints Framework v2

1
votes

I am currently using cloud endpoints framework on an Appengine application.

Is it possible to enforce Https protocol for exposed endpoints?
Now, I am able to call my endpoints in https but also in http.
I wonder if we can set a redirection to Https like we can in appengine with the "transport-guarantee" set to CONFIDENTIAL.

As an example when I call the drive API on Http, I get the following message

{
"error": {
    "errors": [
        {
            "domain": "global",
            "reason": "sslRequired",
            "message": "SSL is required to perform this operation."
        }
    ],
    "code": 403,
    "message": "SSL is required to perform this operation."
}

}

I would like to have the same behavior with cloud endpoint framework.

Subsidiary questions I found no way to also set HTST on cloud endpoint framework whereas Google is promoting it. Did I misunderstand something?

Thx!

1
google-cloud-platformgoogle-cloud-endpointsgoogle-cloud-endpoints-v2

1 Answers

1
votes

If you're using Endpoints Frameworks, that's just a code library for doing API policy enforcement (API keys, rate limiting, etc.), which means Endpoints is only involved after an HTTPS or HTTP connection has been established.

Since you're running your API on App Engine, I'd recommend trying to make your AppEngine app HTTPS-only.