In the Google Docs it says
You can configure any manual or basic scaling module to accept requests from other modules in your app by restricting its handler to only allow administrator accounts, specifying login: admin for the appropriate handler in the module's configuration file. With this restriction in place, any URLFetch from any other module in the app will be automatically authenticated by App Engine, and any request that is not from the application will be rejected.
so i did that, but unfortunately it does not work. I am requesting a url from module A on module B which is protected by the login: admin
property
I can fetch that url in the browser which shows me the login page and after i continue as admin i can fetch my route.
How is it supposed to work? As far as i understand it should add a header to the request which includes some kind of authorization token.
If i fetch that same url within a request on module A i get the same redirect. urllib2
follows the 302
status code by default and the result is the login page.
I am running the environment using the gcloud preview app run
command. Module A is a default module and module B is a Managed VM Container, might this be the problem here?
I can confirm this is occurring, and I've reproduced the issue. The issue is being tracked over in the App Engine public issue tracker. Follow there for any updates.
For now, I think it's much better to be manually-inspecting the
X-Appengine-Inbound-Appid
header, as this is managed by the infrastructure and can't be spoofed.You could also implement OAuth, but that adds overhead you may not want or need on a small app.