Using the existence of an "X-Appengine-Inbound-Appid" header to authorize GAE-to-GAE requests is the recommended mechanism, via calling the URLFetch service with something like the following (Python):
When the receiving GAE app is in the Standard environment, everything works as expected and the "X-Appengine-Inbound-Appid" header is present in the request.
However, when the receiving GAE app is in the Flexible environment, which now necessarily means a domain name of "appspot-preview.com" because of the recent changes outlined here, the header is not present. I'm guessing this was just missed when making the changes to the domain name rules around GAE Flexible environment apps, but would love to get some feedback on whether or not this will be resolved before the Flexible environment is made GA.
I attached the three GAE apps that will reproduce this behavior (auth-test.tar.gz), including one Standard environment app that makes the URLFetch requests, one Standard environment app that successfully receives the expected header, and one Flexible environment app that does not successfully receive the expected header. The pertinent code is as follows:
Requesting app main.py:

import logging

from google.appengine.api import app_identity
from google.appengine.api import urlfetch
from flask import Flask

APP_ID = app_identity.get_application_id()
FETCH_FLEX_URL = (
    .format(APP_ID))
FETCH_STANDARD_URL = (
    .format(APP_ID))

app = Flask(__name__)


@app.route('/flex')
def flex():
    result = urlfetch.fetch(
        url=FETCH_FLEX_URL,
        follow_redirects=False,
        method=urlfetch.GET)
    return str(result.content)


@app.route('/standard')
def standard():
    result = urlfetch.fetch(
        url=FETCH_STANDARD_URL,
        follow_redirects=False,
        method=urlfetch.GET)
    return str(result.content)


@app.errorhandler(500)
def server_error(e):
    # Log the error and stacktrace.
    logging.exception('An error occurred during a request.')
    return 'An internal error occurred.', 500

Receiving Standard environment app main.py:

import logging

from flask import Flask, request

app = Flask(__name__)


@app.route('/', methods=['GET'])
def check_appid():
    return request.headers.get('X-Appengine-Inbound-Appid', "NADA!!!")


@app.errorhandler(500)
def server_error(e):
    # Log the error and stacktrace.
    logging.exception('An error occurred during a request.')
    return 'An internal error occurred.', 500

Receiving Flexible environment app main.py (identical to above):

import logging

from flask import Flask, request

app = Flask(__name__)


@app.route('/', methods=['GET'])
def check_appid():
    return request.headers.get('X-Appengine-Inbound-Appid', "NADA!!!")


@app.errorhandler(500)
def server_error(e):
    # Log the error and stacktrace.
    logging.exception('An error occurred during a request.')
    return 'An internal error occurred.', 500

Thanks!
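
An added example, not part of the original post or its attached apps: a receiver-side WSGI gate that treats a missing X-Appengine-Inbound-Appid (the Flexible environment behaviour reported above) the same as an unknown caller and denies the request. The class name, the `gae.inbound_appid` environ key and the app IDs are hypothetical, and the check is only meaningful where the platform sets this header itself and strips client-supplied copies.

```python
# Added example: fail-closed allowlist check on X-Appengine-Inbound-Appid.
# App IDs below are constructed placeholders, not values from the post.
import logging
from wsgiref.util import setup_testing_defaults

HEADER_KEY = 'HTTP_X_APPENGINE_INBOUND_APPID'  # WSGI form of the header name


class InboundAppIdGate(object):
    """WSGI middleware: pass only requests from allowlisted App Engine apps."""

    def __init__(self, wsgi_app, allowed_app_ids):
        self.wsgi_app = wsgi_app
        self.allowed = frozenset(allowed_app_ids)

    def __call__(self, environ, start_response):
        app_id = environ.get(HEADER_KEY)
        # A missing header (None) and an unlisted ID are both denied, so a
        # receiver that never gets the header rejects instead of serving.
        if app_id not in self.allowed:
            logging.warning('Denied request, inbound app id: %r', app_id)
            start_response('403 Forbidden', [('Content-Type', 'text/plain')])
            return [b'Forbidden']
        environ['gae.inbound_appid'] = app_id  # verified caller for handlers
        return self.wsgi_app(environ, start_response)


def demo():
    """Send three constructed requests through the gate; return the results."""
    def inner(environ, start_response):
        start_response('200 OK', [('Content-Type', 'text/plain')])
        return [environ['gae.inbound_appid'].encode('utf-8')]

    gate = InboundAppIdGate(inner, ['my-frontend-app'])
    results = []
    # Allowlisted caller, unlisted caller, and no header at all.
    for header in ('my-frontend-app', 'some-other-app', None):
        environ = {}
        setup_testing_defaults(environ)
        if header is not None:
            environ[HEADER_KEY] = header
        seen = []
        body = b''.join(gate(environ, lambda status, headers: seen.append(status)))
        results.append((seen[0], body))
    return results
```

With Flask, the gate can wrap the receiving app via `app.wsgi_app = InboundAppIdGate(app.wsgi_app, [...])`.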