Comments (17)
I'd call this a P1! Do you have time to look into how to set SSL up on GCP?
https://cloud.google.com/sql/docs/mysql/configure-ssl-instance
@pbakaus does anything else need to be done to redirect to HTTPS?
from samples.
@morsssss will await @pbakaus comments and then start working on this. Will reach out to you to ask for access to the backend.
from samples.
nothing else AFAIK, I just don't know how to properly set it up on GCP.
from samples.
Hi guys,
I'm not seeing any reference to the domain "amp.cards" in the code itself, or any configuration file, outside the data-iframe-src attribute of the amp-install-serviceworker component.
With that said, I think that all the configuration should be done on GCP console.
This seems to be the guide for migrating a Node application to SSL when using custom domains.
If we can take a look at the GCP console, maybe we can check if all the required steps are correct.
from samples.
I just looked into this for a little bit, and don't think there's anything to be done in GCP. Rather, it's HSTS (Strict Transport Security) headers that are missing, and I figured the obvious way to add them would be in the actual server: https://github.com/ampproject/amp-publisher-sample/blob/master/amp-pwa-reader/src/server/server.js
However, I'm at a loss why all of this even works on HTTPS today anyway, as the express server spun up in that file doesn't configure HTTPS... I wonder if GCP does wicked magic?
from samples.
Thanks Paul, would you recommend adding the header directly in the code in server.js, or using something like helmet, which would encapsulate many security features (including HSTS)?
If the latter, the work would consist of adding one entry to package.json, and two lines of code to server.js.
from samples.
Hey everyone. We use this config in PWA Directory, to make all URLs be served from a secure URL: https://github.com/GoogleChromeLabs/gulliver/blob/master/app.yaml#L18-L21, along with this bit: https://github.com/GoogleChromeLabs/gulliver/blob/master/app.js#L41-L49
Does this help?
from samples.
oooh this looks good. Andre or Demian, are you cool providing a PR with this change?
from samples.
This is what I tried adding locally to add helmet, but haven't tested in a live environment yet, to see if it actually works:
`npm install helmet --save` (will add helmet dependency to gulpfile).
On server.js:
```js
const helmet = require('helmet');
app.use(helmet());
```
Before moving forward with this option, do you guys think that using helmet is the way to go, or is it better to stick to Andre's solution (which seems to solve the particular SSL need, without adding anything else that might potentially be unnecessary)?
from samples.
BTW: helmet is recommended as best practice on ExpressJS site, but I don't have any other experience with it.
from samples.
So, of the files Andre pointed out, the change in app.yaml is probably the most important, as it relates to GCP.
The thing that I'm wondering about: Why does HTTPS even work today (as there is no code at all suggesting express is configured for it)? So anyway, I'm all for trying out helmet and doing the app.yaml change and see how it goes.
from samples.
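The two behaviours this thread is after (redirect plain HTTP to HTTPS, and send HSTS from the Node server), as an added example that is not part of any comment above and is not code from the repository, gulliver or helmet. It assumes the hosting platform terminates TLS in front of the app and reports the original scheme in `X-Forwarded-Proto`; `requireHttps` and `simulate` are hypothetical names, and the request objects are constructed.

```javascript
'use strict';

// Hypothetical helper, not from the repo: builds Express-style middleware.
// Assumption: a TLS-terminating front end sets X-Forwarded-Proto and
// strips any client-supplied copy of that header.
function requireHttps({ allowedHosts, maxAge = 31536000 }) {
  const hosts = new Set(allowedHosts.map((h) => h.toLowerCase()));
  return function (req, res, next) {
    const host = String(req.headers.host || '').toLowerCase();
    // Never reflect an unknown Host header into a redirect target.
    if (!hosts.has(host)) {
      res.statusCode = 400;
      return res.end();
    }
    // Fail safe: anything other than an exact "https" is treated as insecure.
    const proto = String(req.headers['x-forwarded-proto'] || '').trim().toLowerCase();
    if (proto !== 'https') {
      const path = req.url.startsWith('/') ? req.url : '/';
      // 301 for reads; 308 keeps the method and body for everything else.
      res.statusCode = ['GET', 'HEAD'].includes(req.method) ? 301 : 308;
      res.setHeader('Location', `https://${host}${path}`);
      return res.end();
    }
    // Browsers ignore HSTS over plain HTTP, so send it on secure responses only.
    res.setHeader('Strict-Transport-Security', `max-age=${maxAge}`);
    next();
  };
}

// Constructed request/response stand-ins so the middleware runs without Express.
function simulate(mw, { method = 'GET', url = '/', headers = {} }) {
  const out = { status: 200, headers: {}, passed: false };
  const res = {
    set statusCode(code) { out.status = code; },
    setHeader(name, value) { out.headers[name.toLowerCase()] = value; },
    end() {},
  };
  mw({ method, url, headers }, res, () => { out.passed = true; });
  return out;
}

const mw = requireHttps({ allowedHosts: ['amp.cards'] });
console.log(simulate(mw, { headers: { host: 'amp.cards', 'x-forwarded-proto': 'http' } }));
console.log(simulate(mw, { headers: { host: 'amp.cards', 'x-forwarded-proto': 'https' } }));
```

In an Express app the returned function would be registered with `app.use(...)` before any route; if the app can also be reached without the proxy in front, the forwarded header is client-controlled and cannot be trusted.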
@pbakaus @morsssss @andreban created PR #119 and uploaded a version on GCP at: steel-topic-208022.appspot.com.
from samples.
Deployed! All looks good
from samples.
@morsssss thank you Ben,
I've just tested amp.cards, but I don't see it redirecting to HTTPS by default.
Please, let me know if you need my help to do some extra tests (in case the latest version is not in prod yet).
from samples.
BTW, just cloned the latest version and uploaded it here: nodejs-tests-210101.appspot.com.
On my tests it is always redirecting to HTTPS, regardless of the protocol on the URL.
from samples.
Hi Ben! In case you test the url I sent before: I turned off nodejs-tests-210101.appspot.com, because I found I was starting to get charged again.
I can't explain the reasons since that version should be receiving no traffic (or minimal). Maybe there's some special configuration requirement on this project reserving resources.
Don't worry about checking the code, maybe we can take a look on Thursday at the production server to understand why it's not redirecting by default, or any other day.
from samples.