Redirect Loop for Google Account login with SSL for Custom Domain on Google App Engine
https://stackoverflow.com/questions/11726248
-
23-06-2021 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian문제
I have setup SSL (VIP) for a custom domain on my Google App Engine app (https://www.gqueues.com).
Everything works fine for most of my users. There are no problems at all for users who login with their Google Apps accounts (which uses OpenId). Most users who login with their Google Accounts don't have any problems either.
HOWEVER, a handful of Google Account users get a redirect loop error
(ERR_TOO_MANY_REDIRECTS) like the image below when they attempt to login.
This is the code I'm using to create the login url. It's worked fine for the last 3 years, and the only thing that has changed is that it now goes to https instead of http:
loginURL = users.create_login_url("https://www.gqueues.com/main")
The main page has login required:
@login_required
def get(self):
I am unable to reproduce the redirect loop with any of my test accounts or machines. However, one of my users reported that it seemed to be looping between these two addresses:
https://appengine.google.com/_ah/loginform?state=xxxxxxxxxxx
https://www.gqueues.com/_ah/conflogin?state=xxxxxxxxxxxxxx
On some other SO posts about redirect loops people suggest that some of these auth pages are getting cached, but I've checked and all of them use a 302 redirect which doesn't get cached.
Also, I've had the users with the issue clear their browser cache and cookies and make sure they are NOT blocking third-party cookies, but none of this helps. The problem occurs on various browsers and operating systems, so I don't think it pertains to a particular setup.
The only thing that works is to have the users with the problem access my app on the appspot address: https://gqueues-hrd.appspot.com
This of course is not really a solution at all. The reason I'm spending thousands of dollars for the SSL certificate and VIP on GAE is so that everything the user sees is on my custom domain (and so that I'm using my own certificate and not some shared one from Google).
Does anyone (particularly from the App Engine team) have any idea what's going on? It seems like the issue is somewhere in the Google Account login code implemented in App Engine or perhaps with the new SSL for custom domains code.
Thanks much,
Cameron
해결책
We think we've identified the problem on the App Engine side and we're working on a fix. Thanks!
