This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

App Engine link suspended

Posted on 05-06-2022 09:29 AM
remios
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

My app has been warned on May 6 (The warning was related to phishing while my app hosted on App Engine does not phish). I requested an appeal, and I clearly explained why I think this warning was added to my app. It was because of a code that I added to my html page to avoid attacks. I therefore removed it and I received a support message stating that there is no issue with my app.

I received another email yesterday stating that the link to my app has been suspended while the search console was not showing any security issue. I submitted an appeal again and I received an email this morning stating that the suspension has been lifted. But the link is still not working.

The following was the code:

```<customHeaders>
<remove name="X-Powered-By" />
<add name="X-XSS-Protection" value="1; mode=block" />
<!-- Protects against Clickjacking attacks. ref.: http://stackoverflow.com/a/22105445/1233379 -->
<add name="X-Frame-Options" value="SAMEORIGIN" />
<!-- Protects against MIME-type confusion attack. ref.: https://www.veracode.com/blog/2014/03/guidelines-for-setting-security-headers/ -->
<add name="X-Content-Type-Options" value="nosniff" />
<!-- Protects against Clickjacking attacks. ref.: https://www.owasp.org/index.php/HTTP_Strict_Transport_Security_Cheat_Sheet -->
<add name="Strict-Transport-Security" value="max-age=31536000; includeSubDomains" />
<!-- CSP modern XSS directive-based defence, used since 2014. ref.: http://content-security-policy.com/ -->
<add name="Content-Security-Policy" value="default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data: blob:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';" />
<!-- Prevents from leaking referrer data over insecure connections. ref.: https://scotthelme.co.uk/a-new-security-header-referrer-policy/ -->
<add name="Referrer-Policy" value="same-origin" />
<!--Feature-Policy is a new header that allows a site to control which features and APIs can be used in the browser. ref.: https://wicg.github.io/feature-policy/ -->
<add name="Feature-Policy" value="accelerometer 'none'; camera '*'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment *; usb 'none'" />
</customHeaders>
```

THIS IS REALLY CAUSING ISSUE ON MY BUSINESS AND OUR BUSINESS REPUTATION. PLEASE ASSIST ME WITH THIS AS SOON AS POSSIBLE. THE LINK IS: https://partyexpress360-d40e5.uk.r.appspot.com/.

Thanks!

0 1 256
Topic Labels
0 Likes
1 REPLY 1

Posted on --/--/---- --:-- AM
Andre_Fiesco
Staff
Reply posted on --/--/---- --:-- AM

You should have received (or will soon receive) an email from google-cloud-compliance@google.com regarding your usage of the Google Cloud Platform. This generally indicates a need to clarify usage that appears to be against the Terms of Service.

In case that email doesn't arrive, please feel free to fill out this form, and someone from the team will get back to you as soon as possible.

Also, the App Engine Mail API is still available, and you can find relevant information here

0 Likes