1

I have a Python 3 app running on Google App Engine (flexible) without a custom domain. When the app routes from route '/' to '/form' it changes the protocol from https to http. Below is my app.yaml file:

```yaml
runtime: python
env: flex
entrypoint: gunicorn -t 300 -b :$PORT main:app

runtime_config:
  python_version: 3

manual_scaling:
  instances: 1
resources:
  cpu: 1
  memory_gb: 3.5
  disk_size_gb: 10

liveness_check:
  check_interval_sec: 300
  timeout_sec: 200
  failure_threshold: 2
  success_threshold: 2

handlers:
- url: /.*
  secure: always
  redirect_http_response_code: 301
  script: auto

- url: /js
  static_dir: static/js
```

I would like to serve all pages/routes using https. What am I doing wrong?

Thank you very much for your help.

Markus.K
  • Does this answer your question? [Permanently Redirect http to https on Google App Engine Flexible with Django](https://stackoverflow.com/questions/52029939/permanently-redirect-http-to-https-on-google-app-engine-flexible-with-django) – Donnald Cucharo Nov 09 '20 at 02:08

2 Answers

1

The App Engine Flex environment does not support the `handlers` element in the `app.yaml`, and although it's not giving you any error, it's just being ignored. As you can see in the official documentation, in the yaml reference there's no mention of the `handlers` block for Flexible. Opposed to that, in the Standard environment the handlers environment can be specified and it won't be ignored.

Therefore, in order to serve all of the requests from HTTPS instead of HTTP, you will have to force that behavior from the code itself. To do so, you need to include the `Strict-Transport-Security` header in your response. The docs also cover this topic; you can check it out here.

bhito
  • The first step is to simply redirect HTTP traffic to HTTPS. Adding the `Strict-Transport-Security` header could break his website if he ever needs HTTP for any reason so be sure you know what you are doing before you do that. – new name Nov 09 '20 at 13:32
  • Thank you, your answers helped me solve this problem. – Markus.K Nov 18 '20 at 06:35
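
An added example (not code from the question or from either answer) of forcing HTTPS "from the code itself" as the answer above describes: a WSGI middleware that reads the `X-Forwarded-Proto` header set by the TLS-terminating front end, redirects plain-HTTP requests with a 301, and makes the app build `https://` URLs. It assumes the app is reachable only through the load balancer (otherwise a client can spoof the header); `ForceHTTPS`, `demo_app`, `simulate` and the host `app.example` are constructed for illustration, and HSTS stays off unless `hsts_max_age` is set.

```python
from urllib.parse import quote

class ForceHTTPS:
    """WSGI middleware for an app behind a TLS-terminating load balancer."""
    def __init__(self, app, hsts_max_age=0):
        self.app = app
        self.hsts_max_age = hsts_max_age  # 0 disables the HSTS header

    def __call__(self, environ, start_response):
        # The proxy speaks plain HTTP to the app; the client's scheme is in this header.
        proto = environ.get("HTTP_X_FORWARDED_PROTO", "").split(",")[0].strip().lower()
        if proto == "http":
            host = environ.get("HTTP_HOST", environ.get("SERVER_NAME", ""))
            path = quote(environ.get("SCRIPT_NAME", "") + environ.get("PATH_INFO", ""))
            query = environ.get("QUERY_STRING", "")
            target = "https://" + host + path + ("?" + query if query else "")
            start_response("301 Moved Permanently", [("Location", target), ("Content-Length", "0")])
            return [b""]
        if proto != "https":
            return self.app(environ, start_response)  # no proxy header, e.g. local development
        environ["wsgi.url_scheme"] = "https"  # the app now builds https:// URLs

        def with_hsts(status, headers, exc_info=None):
            if self.hsts_max_age:
                headers = headers + [("Strict-Transport-Security", f"max-age={self.hsts_max_age}")]
            return start_response(status, headers, exc_info)

        return self.app(environ, with_hsts)

def demo_app(environ, start_response):
    """Constructed stand-in for main:app: '/' redirects to an absolute '/form' URL."""
    if environ["PATH_INFO"] == "/":
        url = f"{environ['wsgi.url_scheme']}://{environ['HTTP_HOST']}/form"
        start_response("302 Found", [("Location", url)])
        return [b""]
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"form"]

def simulate(app, path, forwarded_proto):
    """Send one constructed request the way the proxy would; return (status, headers)."""
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": path, "QUERY_STRING": "",
               "SCRIPT_NAME": "", "HTTP_HOST": "app.example", "wsgi.url_scheme": "http",
               "HTTP_X_FORWARDED_PROTO": forwarded_proto}
    seen = {}
    def start_response(status, headers, exc_info=None):
        seen.update(status=status, headers=dict(headers))
    b"".join(app(environ, start_response))
    return seen["status"], seen["headers"]
```

Calling `simulate(demo_app, "/", "https")` reproduces the downgrade from the question, and wrapping the WSGI callable that gunicorn loads (`main:app`) in `ForceHTTPS` removes it.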
0

Adding the following line to my code solved the issue for me:

```python
DEFAULT_REFERRER_POLICY = 'strict-origin-when-cross-origin'
```
Markus.K