bradleyg · March 20, 2016 15:40
diff --git a/app.yaml.base b/app.yaml.base
 ###########################################################################
 # DO NOT MODIFY THIS FILE WITHOUT UNDERSTANDING THE SECURITY IMPLICATIONS #
 ###########################################################################

 # The "application" parameter is automatically set based on the below rules:
 # For util.sh: the argument to '-p' is used
 # For Grunt users: the 'appid' value in config.json.  It may also be
 #                  overriden by passing an '--appid=' parameter to grunt
 # You do not need to modify it here.
 application: __APPLICATION__

 # The version is automatically generated based on the current git hash.
 # If there are uncommitted changes, a '-dev' suffix will be added. You do
 # not need to modify it here.
 version: __VERSION__
 runtime: python27
 api_version: 1
 threadsafe: true

 handlers:
        - url: /static/
          static_dir: static/
          secure: always
          http_headers:
            X-Frame-Options: "DENY"
            Strict-Transport-Security: "max-age=2592000; includeSubdomains"
            X-Content-Type-Options: "nosniff"
            X-XSS-Protection: "1; mode=block"

        - url: (.*/) # for paths with a trailing slash
          static_files: static\1index.html
          upload: static/.*
          secure: always
          http_headers:
            X-Frame-Options: "DENY"
            Strict-Transport-Security: "max-age=2592000; includeSubdomains"
            X-Content-Type-Options: "nosniff"
            X-XSS-Protection: "1; mode=block"

        - url: (.*) # for paths without a trailing slash
          static_files: static\1/index.html
          upload: static/.*
          secure: always
          http_headers:
            X-Frame-Options: "DENY"
            Strict-Transport-Security: "max-age=2592000; includeSubdomains"
            X-Content-Type-Options: "nosniff"
            X-XSS-Protection: "1; mode=block"

 # All URLs should be mapped via the *_ROUTES variables in the src/main.py file.
 # See https://webapp-improved.appspot.com/guide/routing.html for information on
 # how URLs are routed in the webapp2 framework. Do not add additional handlers
 # directly here.
        - url: /.*
          script: main.app
          secure: always

 libraries:
        - name: django
          version: latest

        - name: jinja2
          version: latest

        - name: webapp2
          version: latest

 skip_files:
         - ^(.*/)?#.*#$
         - ^(.*/)?.*~$
         - ^(.*/)?.*\.py[co]$
         - ^(.*/)?.*/RCS/.*$
         - ^(.*/)?\..*$
         - app.yaml.base
         - README
         - util.sh
         - run_tests.py
         - .*_test.py
         - js/.*
         - closure-library/.*
	###########################################################################
	# DO NOT MODIFY THIS FILE WITHOUT UNDERSTANDING THE SECURITY IMPLICATIONS #
	###########################################################################

	# The "application" parameter is automatically set based on the below rules:
	# For util.sh: the argument to '-p' is used
	# For Grunt users: the 'appid' value in config.json. It may also be
	# overriden by passing an '--appid=' parameter to grunt
	# You do not need to modify it here.
	application: __APPLICATION__

	# The version is automatically generated based on the current git hash.
	# If there are uncommitted changes, a '-dev' suffix will be added. You do
	# not need to modify it here.
	version: __VERSION__
	runtime: python27
	api_version: 1
	threadsafe: true

	handlers:
	- url: /static/
	static_dir: static/
	secure: always
	http_headers:
	X-Frame-Options: "DENY"
	Strict-Transport-Security: "max-age=2592000; includeSubdomains"
	X-Content-Type-Options: "nosniff"
	X-XSS-Protection: "1; mode=block"

	- url: (.*/) # for paths with a trailing slash
	static_files: static\1index.html
	upload: static/.*
	secure: always
	http_headers:
	X-Frame-Options: "DENY"
	Strict-Transport-Security: "max-age=2592000; includeSubdomains"
	X-Content-Type-Options: "nosniff"
	X-XSS-Protection: "1; mode=block"

	- url: (.*) # for paths without a trailing slash
	static_files: static\1/index.html
	upload: static/.*
	secure: always
	http_headers:
	X-Frame-Options: "DENY"
	Strict-Transport-Security: "max-age=2592000; includeSubdomains"
	X-Content-Type-Options: "nosniff"
	X-XSS-Protection: "1; mode=block"

	# All URLs should be mapped via the *_ROUTES variables in the src/main.py file.
	# See https://webapp-improved.appspot.com/guide/routing.html for information on
	# how URLs are routed in the webapp2 framework. Do not add additional handlers
	# directly here.
	- url: /.*
	script: main.app
	secure: always

	libraries:
	- name: django
	version: latest

	- name: jinja2
	version: latest

	- name: webapp2
	version: latest

	skip_files:
	- ^(./)?#.#$
	- ^(./)?.~$
	- ^(./)?.\.py[co]$
	- ^(./)?./RCS/.*$
	- ^(./)?\..$
	- app.yaml.base
	- README
	- util.sh
	- run_tests.py
	- .*_test.py
	- js/.*
	- closure-library/.*