Google’s App Engine no longer supports ‘domain fronting.’ Technically speaking, App Engine has never officially supported domain fronting although it was a feature those using Google’s solution were previously able to take advantage of. That, however, has now changed as a recent update to App Engine has now removed all traces of backend support.
If does not seem as thought Google has officially announced the change (as it never officially supported the use of domain fronting in the first place), although the change was previously noted as in effect on the Tor bug tracker on April 13. Since then, The Verge has received confirmation from Google of the discontinuation of the unofficial support through the release of a recent update. Once again, the representative confirmed Google has never officially supported the feature, and the recent update itself was also not specifically designed to target the use of the feature. Instead, the feature’s ability to be used has ceased as a byproduct of the update applied to the underlying framework that the feature took advantage of. With the representative also quoted stating Google does not “have any plans to offer it as a feature” going forward.
Domain fronting is better understood as the ability to spoof a location. This is something that a lot of services offer and for multiple reasons. VPNs being one such example and geo-restricted or otherwise censored content being prime examples of why an app or a service might want to spoof the location. The reason this was unofficially available was due to how App Engine works as this is a web and mobile app-based platform designed to take away the need for developers to worry about the infrastructure needed to scale an app or website. Instead, App Engine afforded developers with the ability to concentrate on the code and provide them with a fully-ready infrastructure for use. Up until now, that has also meant redirecting traffic through Google domains first, before sending them on to a final destination. Not only this, but Google’s encryption also stopped anyone from understanding or knowing the traffic was going anywhere beyond the Google domain. Thereby inadvertently providing a method for app developers to spoof a location.