BTW, I've confirmed that this "security" is implemented on the back of HTTP Referer header, which of course is super-easy to spoof.
If the goal is to prevent malicious creation of single-user Google Apps accounts, this will not achieve that. If the goal is to prevent legitimate users from allowing their customers to easily map their branded domain into a Google App Engine hosted application so that the legitimate user can grow their company (and ultimately pay more $$ for Google services), then mission accomplished! j On Tuesday, 11 December 2012 15:23:23 UTC-6, Jason Collins wrote: > > It's nice that Google has provided a way to create a single-user, standard > Google Apps account for the purpose of mapping a custom domain to App > Engine (hopefully this is a stopgap because it's still a major pain to set > this up just for the domain mapping - see (and star!) Issue > 8528<http://code.google.com/p/googleappengine/issues/detail?id=8528>for my > suggested API to eliminate this step entirely). > > However, it appears as though customers cannot direct link to this form. > They must start from within the App Engine console (presumably HTTP_REFERER > is used or something). Of course, our customers do not have access to our > App Engine console, so they need to direct link to the form. Try it now to > see the redirection in action: > > https://www.google.com/a/cpanel/standard/new3?refererName=AppEngine > > So, our customers can no longer map their domain to our application. This > is a major problem for us. > > Can this redirection be removed? > j > -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To view this discussion on the web visit https://groups.google.com/d/msg/google-appengine/-/LmanvGXj3PAJ. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en.
