Security Source Settings
Security source configuration is an important security mechanism for cloud development services. By configuring allowlists for Web and client applications (such as mini programs and apps), it ensures that only authorized sources can access your cloud development resources.
Security Domain
Configuration Method
Console Operation Steps
- Log in to the CloudBase Console
- In the left navigation bar, select [Environment Configuration] > [Security Source].
- In the "Web Security Domain" section, click the [Add Domain] button
- In the pop-up dialog box, fill in the domain name to be authorized:
  - Supports full domain names (such as www.example.com)
  - Supports wildcards (such as *.example.com)
  - Supports port numbers (such as example.com:8080)
- Click [OK] to complete the addition
Configuration Example
# Allowing all subdomains
*.example.com
# Allowing specific domains
www.example.com
# Allowing domains with ports
localhost:3000
Notes
- Each environment can configure up to 50 security domains
- Takes effect approximately 1-2 minutes after configuration
- Do not include the protocol prefix (such as https://)
- Default security domain includes:
  - localhost - Local development and debugging
  - env-id.service.tcloudbase.com - HTTP Access Service
  - env-id.tcb.qcloud.la - File Storage Service
  - env-id.tcloudbaseapp.com - Static Website Hosting Service (requires activation)
Frequently Asked Questions
Why is access still unavailable after configuration?
Check the following:
- Check if the domain name is spelled correctly
- Check if the protocol prefix (such as https://) was included by mistake
- Check if it is accessed within an iframe (requires additional configuration)
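The format rules and notes above can be checked before entries are typed into the console. The following linter is an added example, not CloudBase code: the function names, the review flags for production lists, and the sample list are assumptions of this example, and it checks entry syntax only, not how the platform matches requests.

```python
import re

MAX_DOMAINS = 50  # per-environment limit from the Notes section
LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
# host[:port] with an optional leading "*." wildcard, no scheme and no path
ENTRY_RE = re.compile(
    rf"^(?P<wild>\*\.)?(?P<host>{LABEL}(?:\.{LABEL})*)(?::(?P<port>\d{{1,5}}))?$"
)

def lint_entry(entry):
    """Return the problems found in one allowlist entry (empty list = OK)."""
    problems = []
    value = entry.strip().lower()
    if "://" in value:
        problems.append("remove protocol prefix")
        value = value.split("://", 1)[1]  # keep checking the remainder
    match = ENTRY_RE.match(value)
    if not match:
        return problems + ["not a host[:port] or *.host[:port] entry"]
    if match["port"] and not 1 <= int(match["port"]) <= 65535:
        problems.append("port out of range")
    if match["wild"] and "." not in match["host"]:
        problems.append("wildcard spans an entire top-level domain")
    return problems

def lint_allowlist(entries, production=True):
    """Return [(entry, problems)] for entries that need attention."""
    findings, seen = [], set()
    for raw in entries:
        problems = lint_entry(raw)
        key = raw.strip().lower()
        if key in seen:
            problems.append("duplicate entry")
        seen.add(key)
        # Assumption of this example: production lists get extra review flags.
        if production and not problems:
            if key.startswith("*."):
                problems.append("review: wildcard authorizes every subdomain")
            elif key.split(":")[0] == "localhost":
                problems.append("review: local development entry")
        if problems:
            findings.append((raw, problems))
    if len(seen) > MAX_DOMAINS:
        findings.append(("<allowlist>", [f"{len(seen)} entries exceed the limit of {MAX_DOMAINS}"]))
    return findings

# Constructed sample input, not taken from a real environment.
SAMPLE = ["*.example.com", "www.example.com", "localhost:3000",
          "https://app.example.com", "www.example.com"]
```

Calling lint_allowlist(SAMPLE) returns the entries that need attention; pass production=False for a test environment to skip the wildcard and localhost review flags.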
Mobile App Security Source
Configuration Process
Console Operation Steps
- On the Security Sources configuration page, click Add Application
- Enter application information:
- Application Name: A recognizable name (e.g., "MyApp-iOS")
- Application Identifier:
- iOS App: Can use Bundle ID (e.g. com.example.myapp)
- Android App: Can use package name (e.g. com.example.myapp)
- Click [Save] to complete the configuration
Obtain Application Credentials
- In the operation column of the added application, click Obtain Credentials
- The system generates and displays credential information
- Click Copy to save the credential information
Notes:
- Credential information is sensitive and must not be disclosed.
- It is recommended to regularly rotate application credentials.
- Different platforms (iOS/Android) can be configured separately.
- Use different credentials for test and production environments
Best Practices
Security Policy
- Principle of Least Privilege: Grant only necessary permissions to domains and applications
- Environment Isolation: Use different configurations for test and production environments
- Platform Differentiation: Create independent configurations for iOS and Android
Credential Management
- Rotate application credentials every 3-6 months
- Use a Key Management System to store sensitive credentials
- Credentials used by departed employees should be revoked promptly
Monitoring and Alerting
- Configure abnormal access alert rules
- Monitor API call source distribution
- Regularly audit security source configurations
Configuration Checklist
- Whether unnecessary domains are restricted
- Whether different environments are distinguished
- Whether credentials are rotated regularly
- Whether obsolete configurations have been removed
- Whether monitoring and alerting have been configured
Frequently Asked Questions
How to Handle Credential Leaks
Follow this process:
- Generate new credentials immediately
- Activate the new credentials in the app
- Revoke old credentials
- Check for abnormal access