google-app-engine google-cloud-platform google-tasks google-cloud-tasks

How to secure an app engine app to be available only to Google Cloud Task?

I would like to create a task handler that is supposed to deal with some tasks with retry, etc.

But I want this endpoint to only be triggerable by a specific queue in google task ?

How am I supposed to deal with it ? What is the best practice ?

Best regards

Solution

UPDATE: Check Will's comment. This answer might be outdated and no longer work. Before applying it, be sure to test extensively.

According to the Cloud Tasks documentation, requests incoming from Cloud Tasks will have the X-AppEngine-QueueName header.

This header does not appear listed in the GAE docs about requests headers removed, but I just tested it and this header is also removed.

To secure your GAE app to only be called through Cloud Tasks, validate that the X-AppEngine-QueueName header is in one of the approved queues that you want to allow to call your app.

gcloud not recognized as an internal or external command on Windows
Not able to connect mysql with SSL enforced to app engine without connecting first in cloud shell
GAE: find project name by project number
Google Cloud Bigtable vs Google Cloud Datastore
Can appengine files in asia.artifacts.../containers/images be safely deleted?
Google App Engine is sending SVG with wrong mime-type
Conflicting Errors with Google Cloud App Engine: App Already Exists But Can't Describe It
A python web framework for google app engine
Google Cloud Storage vs Google Cloud CDN
gcloud.app.deploy Error Response: [13] Failed to create cloud build: invalid bucket
Deleting a Google App Engine application
Google App Engine slow cold boot time (Flask app)
Why does my flex env google app engine instance have a minimum of 2 instances running, even when there is no traffic?
JPA - When to use getTransaction() when persisting objects
Python Headless Browser for GAE
No api proxy found for service "memcache" GAE unittest2
How to get the root directory of my app in google app engine?
Install a NPM module in docker image and run it with golang app, using Google App Engine flex
Migrate "App Engine Standard" away from"Container Registry?" (for "Artifact Registry")
What is the best way to determine the maximum concurrent requests per instance for your App Engine or Cloud Run app?
Do Google Cloud Task requests count towards concurrent requests in Google App Engine?
Error migrating Google Cloud Container Registry to Artifact Registry: RESOURCE_EXHAUSTED
Is it possible to receive email bounce notifications for google app engine - python?
Google API - Cross platform client credential authentication
Error during `gcloud app deploy` for GAE app: "Failed to create cloud build: invalid bucket"
google cloud online glossary creation returning "empty resource name" error
Hosting multiple customer websites on Google App Engine with Different custom domains pointing to different services
How to use GAE's dispatch.yaml with multiple development environments?
GWT - Passing arguments when deploying with google plugin for eclipse
app.yaml deprecated for java in appengine?