undefined | Better HN

0 pointsderhuerst9y ago0 comments

if i understand you correctly, you want to set up the tunnelling server on the App Engine instance and the client on your local machine, right?

in this case, accessing google over HTTPS locally would not work properly, as the `Origin` header as well as the SSL cert wouldn't match.

0 comments

1 comments · 1 top-level

tghw9y ago

There's no need for an Origin header and the SSL cert would match. That's the whole premise of domain fronting. You send the request to whatever IP resloves as Google.com, but when you make the request, your Host header is for the AppEngine instance. Because of the way Google (and AWS and I'm sure many others) route requests, they don't care that you're using the cert for Google.com, they just happily route you to whatever Host you specify. You may have to spoof some headers to do the 101 Switching Protocol correctly, but you have all the information you need to do it.

j / k navigate · click thread line to collapse