Interlooper
Interlooper11mo ago

"secure" flag in the logs

Whenever there is execution of a workflow you can see execution details in the logs. I saw that secure flag is false. Can anyone provide more info about this flag? How secure is BuildShip for production use at this point in time?
No description
2 Replies
nithinrdy
nithinrdy11mo ago
Hey @Interlooper, the secure property indicates whether the request was issued via TLS, or not (see here: https://github.com/koajs/koa/blob/master/docs/api/request.md#requestsecure). The reason behind the property being false is simply the way the Google Cloud Platform handles HTTPS requests. You can read more about it here: https://cloud.google.com/run/docs/triggering/https-request#creating_public_services, but the TLDR is that GCP terminates the request's TLS before it reaches the service (in this case, BuildShip's backend container instances), which the container then perceives to be a HTTP request, even though the actual request is indeed made over the HTTPS protocol. Rest assured, BuildShip is safe for production-use.
GitHub
koa/docs/api/request.md at master · koajs/koa
Expressive middleware for node.js using ES2017 async functions - koajs/koa
nithinrdy
nithinrdy11mo ago
To prevent confusion, we'll work on removing the secure property from the logs