HTTPS by default on AppEngine

rowan-m · rowan-m · commit bb11acc07081 · 2018-08-01T01:14:40.000+01:00
diff --git a/examples/appengine-https.php b/examples/appengine-https.php
@@ -0,0 +1,33 @@
+<?php
+/**
+ * @copyright Copyright (c) 2015, Google Inc.
+ * @link      https://www.google.com/recaptcha
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+// Redirect to HTTPS by default (for AppEngine)
+if (isset($_SERVER['HTTP_X_FORWARDED_PROTO'])) {
+    if ($_SERVER['HTTP_X_FORWARDED_PROTO'] === 'http') {
+        header('HTTP/1.1 301 Moved Permanently');
+        header('Location: https://'.$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI']);
+        exit(0);
+    } else {
+        header('Strict-Transport-Security: max-age=63072000; includeSubDomains; preload');
+    }
+}
diff --git a/examples/index.php b/examples/index.php
@@ -21,6 +21,7 @@
  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
  * THE SOFTWARE.
  */
+require __DIR__ . '/appengine-https.php';
 ?>
 <!DOCTYPE html>
 <html lang="en">
diff --git a/examples/recaptcha-v2-checkbox-explicit.php b/examples/recaptcha-v2-checkbox-explicit.php
@@ -21,6 +21,8 @@
  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
  * THE SOFTWARE.
  */
+require __DIR__ . '/appengine-https.php';
+
 // Initiate the autoloader. The file should be generated by Composer.
 // You will provide your own autoloader or require the files directly if you did
 // not install via Composer.
diff --git a/examples/recaptcha-v2-checkbox.php b/examples/recaptcha-v2-checkbox.php
@@ -21,7 +21,9 @@
  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
  * THE SOFTWARE.
  */
-// Initiate the autoloader. The file should be generated by Composer.
+require __DIR__ . '/appengine-https.php';
+
+ // Initiate the autoloader. The file should be generated by Composer.
 // You will provide your own autoloader or require the files directly if you did
 // not install via Composer.
 require_once __DIR__ . '/../vendor/autoload.php';
diff --git a/examples/recaptcha-v2-invisible.php b/examples/recaptcha-v2-invisible.php
@@ -21,7 +21,9 @@
  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
  * THE SOFTWARE.
  */
-// Initiate the autoloader. The file should be generated by Composer.
+require __DIR__ . '/appengine-https.php';
+
+ // Initiate the autoloader. The file should be generated by Composer.
 // You will provide your own autoloader or require the files directly if you did
 // not install via Composer.
 require_once __DIR__ . '/../vendor/autoload.php';
@@ -111,7 +113,7 @@
 else:
     // Add the g-recaptcha tag to the form you want to include the reCAPTCHA element
     ?>
-    <p>Complete the reCAPTCHA then submit the form.</p>
+    <p>Submit the form and reCAPTCHA will run automatically.</p>
     <form action="/recaptcha-v2-invisible.php" method="post" id="demo-form">
         <fieldset>
             <legend>An example form</legend>
diff --git a/examples/recaptcha-v3-request-scores.php b/examples/recaptcha-v3-request-scores.php
@@ -21,6 +21,8 @@
  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
  * THE SOFTWARE.
  */
+require __DIR__ . '/appengine-https.php';
+
 // Initiate the autoloader. The file should be generated by Composer.
 // You will provide your own autoloader or require the files directly if you did
 // not install via Composer.
diff --git a/examples/recaptcha-v3-verify.php b/examples/recaptcha-v3-verify.php
@@ -21,6 +21,8 @@
  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
  * THE SOFTWARE.
  */
+require __DIR__ . '/appengine-https.php';
+
 // Initiate the autoloader. The file should be generated by Composer.
 // You will provide your own autoloader or require the files directly if you did
 // not install via Composer.
@@ -42,5 +44,6 @@
 $resp = $recaptcha->setExpectedHostname($_SERVER['SERVER_NAME'])
 ->setExpectedAction('homepage')
                   ->setScoreThreshold(0.5)
-                  ->verify($_GET['token'], $_SERVER['REMOTE_ADDR']);header('Content-type:application/json');
+                  ->verify($_GET['token'], $_SERVER['REMOTE_ADDR']);
+header('Content-type:application/json');
 echo json_encode($resp->toArray());
