
Security Source Settings

Security source configuration is an important security mechanism of the cloud development service. By configuring allowlists for Web and client applications (such as mini programs and apps), it ensures that only authorized sources can access your cloud development resources.

Security Domain

Configuration Method

Console Operation Steps

  1. Log in to the CloudBase Console
  2. In the left navigation bar, select [Environment Configuration] > [Security Source].
  3. In the "Web Security Domain" section, click the [Add Domain] button
  4. In the pop-up dialog box, fill in the domain name to be authorized:
    • Supports full domain names (such as www.example.com)
    • Supports wildcards (such as *.example.com)
    • Supports port numbers (such as example.com:8080)
  5. Click [OK] to complete the addition

Configuration Example

# Allowing all subdomains
*.example.com

# Allowing specific domains
www.example.com

# Allowing domains with ports
localhost:3000

Notes

  • Each environment can configure up to 50 security domains
  • Takes effect approximately 1-2 minutes after configuration
  • Do not include the protocol prefix (such as https://)
  • The default security domains include:
    • localhost - Local development and debugging
    • env-id.service.tcloudbase.com - HTTP Access Service
    • env-id.tcb.qcloud.la - File Storage Service
    • env-id.tcloudbaseapp.com - Static Website Hosting Service (requires activation)
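
The format rules above, written as a lint that can be run over a domain list before it is entered in the console. This is an added example, not CloudBase code; the function name, the entry grammar and the "review" finding for wildcards are assumptions, and the sample list is constructed.

```python
import re

MAX_DOMAINS = 50  # per-environment limit stated in the Notes
# Assumed entry grammar: optional leading "*.", DNS labels, optional ":port".
LABEL = r"[a-z0-9]([a-z0-9-]*[a-z0-9])?"
ENTRY_RE = re.compile(rf"^(?P<wild>\*\.)?{LABEL}(\.{LABEL})*(:(?P<port>\d{{1,5}}))?$")

def lint_security_domains(text):
    """Return (entries, findings) for an allowlist in the page's example format."""
    entries, findings, seen = [], [], set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        entry = line.lower()  # DNS names are case-insensitive
        if "://" in entry:
            findings.append((lineno, "error", "remove the protocol prefix"))
            continue
        m = ENTRY_RE.match(entry)
        if not m or (m["port"] and not 1 <= int(m["port"]) <= 65535):
            findings.append((lineno, "error", "not a domain, wildcard or domain:port"))
            continue
        if entry in seen:
            findings.append((lineno, "warn", "duplicate entry"))
            continue
        seen.add(entry)
        entries.append(entry)
        if m["wild"]:  # least privilege: confirm every subdomain is meant to be allowed
            findings.append((lineno, "review", "wildcard allows every subdomain"))
    if len(entries) > MAX_DOMAINS:  # reported with line number 0 (whole list)
        findings.append((0, "error", f"{len(entries)} entries exceeds {MAX_DOMAINS}"))
    return entries, findings

# Constructed sample input, not taken from a real environment.
SAMPLE = """\
# production web front end
www.example.com
*.example.com
https://admin.example.com
localhost:3000
WWW.example.com
example.com/path
"""

if __name__ == "__main__":
    accepted, found = lint_security_domains(SAMPLE)
    print("accepted:", accepted)
    print(*(f"line {n}: {lvl}: {msg}" for n, lvl, msg in found), sep="\n")
```
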

Frequently Asked Questions

Why is access still unavailable after configuration?

Check the following:

  1. Check if the domain name is spelled correctly
  2. Check that the entry does not include a protocol prefix (such as https://)
  3. Check if it is accessed within an iframe (requires additional configuration)

Mobile App Security Source

Configuration Process

Console Operation Steps

  1. On the Security Sources configuration page, click Add Application
  2. Enter application information:
    • Application Name: A recognizable name (e.g., "MyApp-iOS")
    • Application Identifier:
      • iOS App: Can use Bundle ID (e.g. com.example.myapp)
      • Android App: Can use package name (e.g. com.example.myapp)
  3. Click [Save] to complete the configuration

Obtain Application Credentials

  1. In the operation column of the added application, click Obtain Credentials
  2. The system generates and displays credential information
  3. Click Copy to save the credential information

Notes:

  • Credential information is sensitive and must not be disclosed.
  • It is recommended to regularly rotate application credentials.
  • Different platforms (iOS/Android) can be configured separately.
  • Use different credentials for test and production environments

Best Practices

Security Policy

  1. Principle of Least Privilege: Grant only necessary permissions to domains and applications
  2. Environment Isolation: Use different configurations for test and production environments
  3. Platform Differentiation: Create independent configurations for iOS and Android

Credential Management

  • Rotate application credentials every 3-6 months
  • Use a Key Management System to store sensitive credentials
  • Credentials used by departed employees should be revoked promptly

Monitoring and Alerting

  • Configure abnormal access alert rules
  • Monitor API call source distribution
  • Regularly audit security source configurations

Configuration Checklist

  • Whether unnecessary domains are restricted
  • Whether different environments are distinguished
  • Whether credentials are rotated regularly
  • Whether obsolete configurations have been removed
  • Whether monitoring and alerting have been configured

Frequently Asked Questions

How to Handle Credential Leaks

Follow this process:

  1. Generate new credentials immediately
  2. Activate the new credentials in the app
  3. Revoke old credentials
  4. Check for abnormal access