stev-ou / stev

Student-Teacher Evaluations Visualization (STEV) Web Application
https://ou.evals.info
GNU General Public License v3.0

Force HTTPS over HTTP #25

Closed zachschuermann closed 5 years ago

samjett247 commented 5 years ago

@schuermannator This is done, right? I checked on mine and I think it was enforcing https. Just was thinking to close the issue.

zachschuermann commented 5 years ago

No, still if you visit http://ou.evals.info it won't redirect. Still trying to investigate the best way to fix.

samjett247 commented 5 years ago

Can you add a CNAME entry to ou.evals.info to redirect to evals.info, which will redirect back to ou.evals.info but with enforced https? Lol it's kinda a backwards route but might work 🤷‍♂ @schuermannator

zachschuermann commented 5 years ago

I'll investigate but can't say that sounds promising haha

zachschuermann commented 5 years ago

Hello Google Cloud Run Customer,

We are writing to let you know that in order to make Cloud Run secured by default, Cloud Run services will only be accessible via HTTPS.

What do I need to know?

Any HTTP requests to Cloud Run services will receive a 302 "Moved Temporarily" status code that redirects to the HTTPS location. Web browsers follow this redirection. Requests to Cloud Run services invoked via HTTP from clients which do not follow 302 redirects will start failing. To avoid any service disruption, please ensure your Cloud Run services are invoked using HTTPS (URLs that start with ‘https://’). This applies to both *.run.app endpoints and endpoints using custom domains.

What do I need to do?

If your Cloud Run service is invoked via HTTP from clients that do not follow redirects, please ensure the clients making the requests use HTTPS by August 19, 2019.

Your project(s) listed below have Cloud Run services that served over HTTP in the last 7 days:

If you have any questions or require assistance, please reply to this email to contact Google Cloud Support.

Thank you for being a valued Cloud Run customer.

zachschuermann commented 5 years ago

Got this email that they are doing forceful migration to HTTPS. So we should be good. I'll close after validated @samjett247

samjett247 commented 5 years ago

LGTM. But also can we talk about how OU doesn't even enforce https on their websites? Lol

samjett247 commented 5 years ago

Actually, just tried http://api.evals.info/api/v0/ and didn't get redirected to https; I thought the API was running on Google Cloud Run?

zachschuermann commented 5 years ago

I'm getting automatically redirected on everything now @samjett247. Let me know if I'm missing anything, closing if not.

samjett247 commented 5 years ago

Yup me too :) Thanks Google!
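
One way to validate the behaviour discussed in this thread without relying on a browser, which follows the 302 silently. This is an added example, not code from the stev project or from Google; `classify`, `probe`, `audit` and the `SAMPLES` responses are constructed for illustration.

```python
import http.client
from urllib.parse import urlsplit, urljoin

REDIRECT_CODES = {301, 302, 303, 307, 308}

def classify(url, status, location):
    """Classify how a server answered one request made over plain HTTP."""
    if status not in REDIRECT_CODES:
        return "no-redirect"                  # answered over HTTP, no upgrade
    if not location:
        return "redirect-missing-location"
    origin = urlsplit(url)
    target = urlsplit(urljoin(url, location))  # Location may be relative
    if target.scheme != "https":
        return "redirect-stays-http"
    if target.hostname != origin.hostname:
        return "https-other-host"             # e.g. a bounce via another domain
    return "https-same-host"

def probe(url, timeout=5):
    """Send one GET over plain HTTP; http.client never follows redirects."""
    parts = urlsplit(url)
    conn = http.client.HTTPConnection(parts.hostname, parts.port or 80,
                                      timeout=timeout)
    try:
        conn.request("GET", parts.path or "/")
        resp = conn.getresponse()
        return classify(url, resp.status, resp.getheader("Location"))
    finally:
        conn.close()

# Constructed (url, status, Location) responses, not captured traffic.
SAMPLES = [
    ("http://ou.evals.info/", 302, "https://ou.evals.info/"),
    ("http://api.evals.info/api/v0/", 200, None),
    ("http://evals.info/", 302, "https://ou.evals.info/"),
    ("http://example.test/", 302, "/login"),
]

def audit(samples):
    """Return (url, verdict) pairs for already-collected responses."""
    return [(url, classify(url, status, loc)) for url, status, loc in samples]

if __name__ == "__main__":
    for url, verdict in audit(SAMPLES):
        print(f"{verdict:26} {url}")
```

Calling `probe()` on each hostname the service answers on gives the live verdict; anything other than `https-same-host` means a client that does not follow redirects, or one that sends data on the first request, is still using plain HTTP.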