close_issue_1
/
tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[release-branch.go1.11] cmd/godoc: re-enable host checking, allow test versions 

test.golang.org is no longer -- instead allow access to version-specific
App Engine URLs (like 20181002t1342-dot-golang-org.appspot.com).

App Engine Flex uses the X-Forwarded-Proto to signify the proto used by
the originating request (it always uses h1 on 8080 when proxying the
request).

Updates golang/go#28893
Updates golang/go#27205

Change-Id: I423ffe65df325500a2fa04c7b655797ecc6ad037
Reviewed-on: https://go-review.googlesource.com/c/139237
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Reviewed-on: https://go-review.googlesource.com/c/150679
This commit is contained in:
Chris Broadfoot 2018-10-02 16:44:50 -07:00 committed by Dmitri Shuralyov
parent 4dfc99feba
commit 934cdca383
2 changed files with 11 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
cmd/godoc/app.prod.yaml
View File

@ -3,7 +3,7 @@ env: flex
env_variables: env_variables:
GODOC_PROD: true GODOC_PROD: true
# GODOC_ENFORCE_HOSTS: true # TODO(cbro): modify host filter to allow version-specific URLs (see issue 27205). GODOC_ENFORCE_HOSTS: true
GODOC_REDIS_ADDR: 10.0.0.4:6379 # instance "gophercache" GODOC_REDIS_ADDR: 10.0.0.4:6379 # instance "gophercache"
GODOC_ANALYTICS: UA-11222381-2 GODOC_ANALYTICS: UA-11222381-2
DATASTORE_PROJECT_ID: golang-org DATASTORE_PROJECT_ID: golang-org

12
cmd/godoc/handlers.go
View File

@ -44,7 +44,7 @@ func (h hostEnforcerHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
h.h.ServeHTTP(w, r) h.h.ServeHTTP(w, r)
return return
} }
if r.TLS == nil || !h.validHost(r.Host) { if !h.isHTTPS(r) || !h.validHost(r.Host) {
r.URL.Scheme = "https" r.URL.Scheme = "https"
if h.validHost(r.Host) { if h.validHost(r.Host) {
r.URL.Host = r.Host r.URL.Host = r.Host
@ -58,9 +58,17 @@ func (h hostEnforcerHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
h.h.ServeHTTP(w, r) h.h.ServeHTTP(w, r)
} }
func (h hostEnforcerHandler) isHTTPS(r *http.Request) bool {
return r.TLS != nil || r.Header.Get("X-Forwarded-Proto") == "https"
}
func (h hostEnforcerHandler) validHost(host string) bool { func (h hostEnforcerHandler) validHost(host string) bool {
switch strings.ToLower(host) { switch strings.ToLower(host) {
case "golang.org", "godoc-test.golang.org", "golang.google.cn": case "golang.org", "golang.google.cn":
return true
}
if strings.HasSuffix(host, "-dot-golang-org.appspot.com") {
// staging/test
return true return true
} }
return false return false