support http security features in serverless #251
Description
https://cloud.google.com/functions/docs/writing/http
Security levels
The security level feature controls whether an HTTP function's URL supports HTTPS only, or both HTTP and HTTPS. Support for both HTTP and HTTPS is the default.
When you configure HTTP functions so that they can only be triggered with HTTPS, users who attempt to use the HTTP protocol will be redirected.
You specify an HTTP function's security level during deployment:
If you are using the gcloud command-line tool to deploy your function, you can set the function's security level using the --security-level flag. Its possible values are secure-always or secure-optional, which is the default. For example:
gcloud functions deploy FUNCTION_NAME --trigger-http --security-level=secure-always...
If you are deploying your function from the Cloud Console, use the Require HTTPS checkbox to make the function require HTTPS.
If the function can be triggered with either HTTP or HTTPS, the function code can examine the value of the request header X-Forwarded-Proto to determine which protocol was used. A secure request will have the value https for that header, while other requests will have the value http.