Skip to content

Commit

Permalink
[release-branch.go1.11] cmd/godoc: re-enable host checking, allow tes…
Browse files Browse the repository at this point in the history 
…t versions

test.golang.org is no longer -- instead allow access to version-specific
App Engine URLs (like 20181002t1342-dot-golang-org.appspot.com).

App Engine Flex uses the X-Forwarded-Proto to signify the proto used by
the originating request (it always uses h1 on 8080 when proxying the
request).

Updates golang/go#28893
Updates golang/go#27205

Change-Id: I423ffe65df325500a2fa04c7b655797ecc6ad037
Reviewed-on: https://go-review.googlesource.com/c/139237
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Reviewed-on: https://go-review.googlesource.com/c/150679
  • Loading branch information
@broady @dmitshur
broady authored and dmitshur committed Nov 21, 2018
1 parent 4dfc99f commit 934cdca
Show file tree
Hide file tree
Showing 2 changed files with 11 additions and 3 deletions.
2 changes: 1 addition & 1 deletion cmd/godoc/app.prod.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ env: flex

env_variables:
GODOC_PROD: true
# GODOC_ENFORCE_HOSTS: true # TODO(cbro): modify host filter to allow version-specific URLs (see issue 27205).
GODOC_ENFORCE_HOSTS: true
GODOC_REDIS_ADDR: 10.0.0.4:6379 # instance "gophercache"
GODOC_ANALYTICS: UA-11222381-2
DATASTORE_PROJECT_ID: golang-org
Expand Down
12 changes: 10 additions & 2 deletions cmd/godoc/handlers.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -44,7 +44,7 @@ func (h hostEnforcerHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
h.h.ServeHTTP(w, r)
return
}
if r.TLS == nil || !h.validHost(r.Host) {
if !h.isHTTPS(r) || !h.validHost(r.Host) {
r.URL.Scheme = "https"
if h.validHost(r.Host) {
r.URL.Host = r.Host
Expand All @@ -58,9 +58,17 @@ func (h hostEnforcerHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
h.h.ServeHTTP(w, r)
}

func (h hostEnforcerHandler) isHTTPS(r *http.Request) bool {
return r.TLS != nil || r.Header.Get("X-Forwarded-Proto") == "https"
}

func (h hostEnforcerHandler) validHost(host string) bool {
switch strings.ToLower(host) {
case "golang.org", "godoc-test.golang.org", "golang.google.cn":
case "golang.org", "golang.google.cn":
return true
}
if strings.HasSuffix(host, "-dot-golang-org.appspot.com") {
// staging/test
return true
}
return false
Expand Down

0 comments on commit 934cdca

Please sign in to comment.