Setting Up Free HTTPS Connection With Cloudflare and Google App Engine Using AJAX

In this article, we will walk you through the steps to establish a free HTTPS connection between Cloudflare and Google App Engine (GAE) while making use of AJAX requests. We’ll also address the common issue of a redirect loop that can occur when enabling Cloudflare’s Full SSL.

Prerequisites

Before you begin, make sure you have the following:

  1. A website hosted on Google App Engine.
  2. A Cloudflare account with your domain added.

Step 1: Force HTTPS on Cloudflare Page Rules

To ensure that your website enforces HTTPS, you should set up Page Rules in Cloudflare. Follow these steps:

  1. Log in to your Cloudflare account.

  2. Go to the Page Rules section.

  3. Create two rules to force HTTPS for your domain and its subdomains:

    example.com/*
    *.example.com/*

    Configure these rules to always use HTTPS.

Step 2: Disable Force HTTPS in GAE

By default, Google App Engine may have settings that force HTTPS. To prevent a redirect loop, disable the force HTTPS setting in your GAE web.xml file. Here’s how:

  1. Access your Google App Engine project.

  2. Locate the web.xml file in your project’s configuration.

  3. Within the web.xml file, look for any settings related to forcing HTTPS and disable them. This ensures that Cloudflare can fetch resources using both secure and unsecured HTTP.

Step 3: Ensure HTTPS for AJAX URLs

To ensure that your AJAX requests work seamlessly over HTTPS, follow these steps:

  1. Make sure all your AJAX URLs use the HTTPS protocol.

  2. Ensure that your AJAX requests are directed to the direct *.appspot.com site. This is important because when using Cloudflare’s HTTPS, AJAX calls must be valid even when Cloudflare is serving content via HTTPS.

By following these steps, you can establish a free HTTPS connection between Cloudflare and Google App Engine while ensuring that your AJAX requests function correctly over HTTPS.

Remember to regularly check and update your configurations as needed to maintain a secure and smooth user experience on your website.

0%