Cannot direct link to the Standard Google Apps creation screen

[Jason Collins]

It's nice that Google has provided a way to create a single-user, standard Google Apps account for the purpose of mapping a custom domain to App Engine (hopefully this is a stopgap because it's still a major pain to set this up just for the domain mapping - see (and star!) Issue 8528 for my suggested API to eliminate this step entirely).

However, it appears as though customers cannot direct link to this form. They must start from within the App Engine console (presumably HTTP_REFERER is used or something). Of course, our customers do not have access to our App Engine console, so they need to direct link to the form. Try it now to see the redirection in action:

  https://www.google.com/a/cpanel/standard/new3?refererName=AppEngine

So, our customers can no longer map their domain to our application. This is a major problem for us.

Can this redirection be removed?

j

[Jason Collins]

BTW, I've confirmed that this "security" is implemented on the back of HTTP Referer header, which of course is super-easy to spoof. 

If the goal is to prevent malicious creation of single-user Google Apps accounts, this will not achieve that. 

If the goal is to prevent legitimate users from allowing their customers to easily map their branded domain into a Google App Engine hosted application so that the legitimate user can grow their company (and ultimately pay more $$ for Google services), then mission accomplished!

j