cmd/godoc: re-enable host checking, allow test versions

test.golang.org is no longer -- instead allow access to version-specific
App Engine URLs (like 20181002t1342-dot-golang-org.appspot.com).

App Engine Flex uses the X-Forwarded-Proto to signify the proto used by
the originating request (it always uses h1 on 8080 when proxying the
request).

Updates golang/go#27205.

Change-Id: I423ffe65df325500a2fa04c7b655797ecc6ad037
Reviewed-on: https://go-review.googlesource.com/c/139237
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
This commit is contained in:
Chris Broadfoot 2018-10-02 16:44:50 -07:00
Родитель bdd8ae38fd
Коммит 390954b1ab
2 изменённых файлов: 11 добавлений и 3 удалений

Просмотреть файл

@ -3,7 +3,7 @@ env: flex
env_variables:
GODOC_PROD: true
# GODOC_ENFORCE_HOSTS: true # TODO(cbro): modify host filter to allow version-specific URLs (see issue 27205).
GODOC_ENFORCE_HOSTS: true
GODOC_REDIS_ADDR: 10.0.0.4:6379 # instance "gophercache"
GODOC_ANALYTICS: UA-11222381-2
DATASTORE_PROJECT_ID: golang-org

Просмотреть файл

@ -44,7 +44,7 @@ func (h hostEnforcerHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
h.h.ServeHTTP(w, r)
return
}
if r.TLS == nil || !h.validHost(r.Host) {
if !h.isHTTPS(r) || !h.validHost(r.Host) {
r.URL.Scheme = "https"
if h.validHost(r.Host) {
r.URL.Host = r.Host
@ -58,9 +58,17 @@ func (h hostEnforcerHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
h.h.ServeHTTP(w, r)
}
func (h hostEnforcerHandler) isHTTPS(r *http.Request) bool {
return r.TLS != nil || r.Header.Get("X-Forwarded-Proto") == "https"
}
func (h hostEnforcerHandler) validHost(host string) bool {
switch strings.ToLower(host) {
case "golang.org", "godoc-test.golang.org", "golang.google.cn":
case "golang.org", "golang.google.cn":
return true
}
if strings.HasSuffix(host, "-dot-golang-org.appspot.com") {
// staging/test
return true
}
return false