which custom HTTP header names allowed?
174 views
Skip to first unread message
Carter
Jul 27, 2011, 6:58:45 PM7/27/11
to Google App Engine
We have a proxy that needs to send the client's IP address to GAE.
We tried setting a custom HTTP header of "X-client-ip", but that seems
to get filtered by GAE.
We could include the info in use User-Agent, but that seems hack-ish.
The doc (http://code.google.com/appengine/docs/java/runtime.html )
says:
Request Headers
"An incoming HTTP request includes the HTTP headers sent by the
client. For security purposes, some headers are sanitized or amended
by intermediate proxies before they reach the application."
So what custom header name can we use?
We tried setting a custom HTTP header of "X-client-ip", but that seems
to get filtered by GAE.
We could include the info in use User-Agent, but that seems hack-ish.
The doc (http://code.google.com/appengine/docs/java/runtime.html )
says:
Request Headers
"An incoming HTTP request includes the HTTP headers sent by the
client. For security purposes, some headers are sanitized or amended
by intermediate proxies before they reach the application."
So what custom header name can we use?
Carter
Aug 3, 2011, 12:04:00 PM8/3/11
to Google App Engine
Any info on GAE-acceptable names for custom HTTP headers?
We can use User-Agent as workaround, but we'd like to know our
options.
On Jul 27, 3:58 pm, Carter <jcmas...@gmail.com> wrote:
> We have a proxy that needs to send the client's IP address to GAE.
> We tried setting acustomHTTPheader of "X-client-ip", but that seems
> client. For security purposes, someheadersare sanitized or amended
We can use User-Agent as workaround, but we'd like to know our
options.
On Jul 27, 3:58 pm, Carter <jcmas...@gmail.com> wrote:
> We have a proxy that needs to send the client's IP address to GAE.
> to get filtered by GAE.
> We could include the info in use User-Agent, but that seems hack-ish.
>
> The doc (http://code.google.com/appengine/docs/java/runtime.html)
> says:
> RequestHeaders
> "An incomingHTTPrequest includes theHTTPheaderssent by the
> We could include the info in use User-Agent, but that seems hack-ish.
>
> The doc (http://code.google.com/appengine/docs/java/runtime.html)
> says:
> RequestHeaders
> client. For security purposes, someheadersare sanitized or amended
Robert Kluin
Aug 4, 2011, 1:18:40 AM8/4/11
to google-a...@googlegroups.com
Hi Carter,
If it is a proxy how about using X-Forwarded-For? I tested using
curl, it doesn't get filtered.
If it is a proxy how about using X-Forwarded-For? I tested using
curl, it doesn't get filtered.
Robert
> --
> You received this message because you are subscribed to the Google Groups "Google App Engine" group.
> To post to this group, send email to google-a...@googlegroups.com.
> To unsubscribe from this group, send email to google-appengi...@googlegroups.com.
> For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en.
>
>
Carter Maslan
Aug 4, 2011, 1:46:43 AM8/4/11
to google-a...@googlegroups.com
thanks Robert; X-Forwarded-For is a great suggestion and thanks for verifying that it's not filtered.
We also need to pass a timestamp representing the start of the client's request.
So I'm still interested in any Google guidelines on which custom headers are safe from their filtering generally.
thanks again,
Carter
Carter
Robert Kluin
Aug 4, 2011, 2:00:39 AM8/4/11
to google-a...@googlegroups.com
Hi,
I think there is a standard Date header, right? Or perhaps you
could use something like X-Request-Time.
I think there is a standard Date header, right? Or perhaps you
could use something like X-Request-Time.
I agree, a list of headers would be good. I think the headers they
filter are mostly things related to App Engine -- task headers, appid,
etc....
Robert
Reply all
Reply to author
Forward
0 new messages