Assigned
Status Update
No update yet.
Comments
va...@google.com
Hello,
Thank you for reaching out to us!
I tried to reproduce this issue at my end. However, I am getting the intended behavior.
Please check the
Please let me know if that helped you with your use case and if there is anything else you would need assistance with.
Thank you
pa...@landisgyr.com
Hi, please read the documentation you linked:
> Scheme
> JavaScript origins must use the HTTPS scheme, not plain HTTP. Localhost URIs (including localhost IP address URIs) are exempt from this rule.
Subdomains of localhost (ie. foo.localhost) *are* "Localhost URIs" but are not currently exempt from the rule, contrary to the documentation.
> Scheme
> JavaScript origins must use the HTTPS scheme, not plain HTTP. Localhost URIs (including localhost IP address URIs) are exempt from this rule.
Subdomains of localhost (ie. foo.localhost) *are* "Localhost URIs" but are not currently exempt from the rule, contrary to the documentation.
Description
This will create a feature request which anybody can view and comment on.
Please describe your requested enhancement. Good feature requests will solve common problems or enable new use cases.
What you would like to accomplish:
Currently there is no way to prevent the access to API Gateway from public internet. From the below architecture [1], it seems it can be placed behind GLB as Serverless NEG for API Gateway.
However, if user knows the URL of API Gateway, he/she can directly access the API Gateway. It seems there is no way to restrict the ingress traffic to API Traffic internal to GCP only.
[1]https://cloud.google.com/api-gateway/docs/gateway-serverless-neg#creating_the_load_balancer
How this might work:
If applicable, reasons why alternative solutions are not sufficient: It seems even using the service account
Other information (workarounds you have tried, documentation consulted, etc):