Hello Bill, I understand that your App Engine application is not defaulting to HTTPS. Looking at the options available, I found this Stackoverflow article here <https://stackoverflow.com/questions/54157827/app-engine-custom-domain-not-defaulting-to-https>. It suggests to put the following two lines in your app.yaml
file: secure: always redirect_http_response_code: 301 I know that this is for another runtime and that the app uses the default Google Managed SSL but the idea is the same. Can you try this out and let us know if it works for you? For the benefit of the community, I have found some documentation on how to create a PHP application <https://medium.com/hackernoon/how-to-deploy-a-laravel-web-app-on-google-app-engine-ecfbb0d49b00> of Google App Engine. Also, I have found some information on how to secure your application with SSL in the general documentation <https://cloud.google.com/load-balancing/docs/ssl-certificates/google-managed-certs> . On Monday, June 28, 2021 at 11:46:06 AM UTC-4 [email protected] wrote: > > Hi, > I've added a subdomain today to my app on App Engine. The app is PHP > Laravel. > > The app makes use of the default Google Managed SSL. > > In addition, I added a middleware to make sure to add the following header: > > $response->headers->set('Strict-Transport-Security', 'max-age=31536000; > includeSubDomains; preload'); > > Now, when I access the app via the custom domain, I can see the response > header there. However, the app stays on the HTTP and is not being served on > HTTPS. > > Is there anything else to do to make sure the custom domain is always > accessed via SSL? > > Thanks > Bill > -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/google-appengine/18904aa3-acf1-4f1b-bc98-af13c4532534n%40googlegroups.com.
