I'm using Google App Engine to host a couple of services (a NextJS <https://nextjs.org/> SSR service and a backend API built on Express). I've setup my dispatch.yaml file to route /api/* requests to my API service and all other requests get routed to the default (NextJS) service Dispatch.yaml: dispatch: - url: '*/api/*' service: api
The problem: I've also turned on Identity-Aware Proxy for App Engine. When I try to make a GET request from my NextJS service to my API (server-side, via getServerSideProps) it triggers the IAP sign-in page again instead of hitting my API. I've tried out a few ideas to resolve this: 1. Forwarding all cookies in the API request 2. Setting the X-Requested-With header as mentioned here <https://cloud.google.com/iap/docs/sessions-howto#understanding_the_response> 3. Giving IAP-secured Web App User permissions to my App Engine default service account But nothing seems to work. I've confirmed that turning off IAP for App Engine allows everything to function as expected. Any requests to the API from the frontend also work as expected. Is there a solution I'm missing or a workaround for this? -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/google-appengine/ec5ae353-1325-4374-a16f-9101be966280n%40googlegroups.com.
