From 59417492f03e0d55e544815ff163973cef919f67 Mon Sep 17 00:00:00 2001
From: Dmitri Shuralyov <dmitshur@golang.org>
Date: Fri, 30 Oct 2020 18:15:36 -0400
Subject: tour: redirect HTTP traffic to HTTPS
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Set secure to always on all handlers so that HTTP traffic
is redirected to an HTTPS URL with the same path.

References:

•	https://cloud.google.com/appengine/docs/standard/go/application-security#https_requests
•	https://cloud.google.com/appengine/docs/standard/go/config/appref#handlers_secure

For golang/go#42281.

Change-Id: Ic03e01d5858e1e5b8ae1b523ab34d970e1403ce0
Reviewed-on: https://go-review.googlesource.com/c/tour/+/266817
Trust: Dmitri Shuralyov <dmitshur@golang.org>
Reviewed-by: Alexander Rakoczy <alex@golang.org>
Reviewed-by: Carlos Amedee <carlos@golang.org>
---
 app.yaml | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/app.yaml b/app.yaml
index 5ba09d0..aab2f02 100644
--- a/app.yaml
+++ b/app.yaml
@@ -15,9 +15,10 @@ env_variables:
 
 default_expiration: "7d"
 
+handlers:
+
 # Keep these static file handlers in sync with local.go.
 # They're here for improved latency across global regions.
-handlers:
 - url: /favicon.ico
   static_files: static/img/favicon.ico
   upload: static/img/favicon.ico
@@ -28,3 +29,9 @@ handlers:
 - url: /static
   static_dir: static
   secure: always
+
+# This is here to redirect all HTTP traffic to an HTTPS URL
+# with the same path.
+- url: /.*
+  script: auto
+  secure: always
-- 
cgit v1.3