"secure" flag in the logs
Whenever there is execution of a workflow you can see execution details in the logs. I saw that secure flag is false. Can anyone provide more info about this flag?
How secure is BuildShip for production use at this point in time?
2 Replies
Hey @Interlooper, the
secure property indicates whether the request was issued via TLS, or not (see here: https://github.com/koajs/koa/blob/master/docs/api/request.md#requestsecure).
The reason behind the property being false is simply the way the Google Cloud Platform handles HTTPS requests.
You can read more about it here: https://cloud.google.com/run/docs/triggering/https-request#creating_public_services, but the TLDR is that GCP terminates the request's TLS before it reaches the service (in this case, BuildShip's backend container instances), which the container then perceives to be a HTTP request, even though the actual request is indeed made over the HTTPS protocol. Rest assured, BuildShip is safe for production-use.GitHub
koa/docs/api/request.md at master · koajs/koa
Expressive middleware for node.js using ES2017 async functions - koajs/koa
To prevent confusion, we'll work on removing the
secure property from the logs