share: hard-code an allow list of IP prefixes for proxied traffic

While we continue to investigate the miscategorization of internal IPs
in playground traffic, add an allow list of a few known problematic IP
prefixes that have been manually verified to be US Google IPs.

Based on history over the past week, this should get playground snippets
working again, at least temporarily.

For golang/go#65081

Change-Id: Iccb16e9f6afbdad271198a4e3f23c8adf8b0fe8f
Reviewed-on: https://go-review.googlesource.com/c/playground/+/556157
Auto-Submit: Robert Findley <rfindley@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Commit-Queue: Robert Findley <rfindley@google.com>
Reviewed-by: Hyang-Ah Hana Kim <hyangah@gmail.com>
Run-TryBot: Robert Findley <rfindley@google.com>
diff --git a/share.go b/share.go
index 6dd5adc..c067d2c 100644
--- a/share.go
+++ b/share.go
@@ -11,6 +11,7 @@
 	"fmt"
 	"io"
 	"net/http"
+	"strings"
 )
 
 const (
@@ -82,9 +83,34 @@
 	fmt.Fprint(w, id)
 }
 
+// golang/go#65081: the IP prefixes below have been observed in proxied traffic
+// from go.dev to play.golang.org, and as of 2024-01-16 are incorrectly
+// identified as CN by X-AppEngine-Country. Using geoIP tooling, these were all
+// verified as having temporarily been categorized as CN in early January, but
+// are currently US.
+//
+// While this is being investigated, hard-code a temporary allow list for these
+// IPs to get the playground working again.
+//
+// Per https://www.gstatic.com/ipranges/goog.json, these are Google IPs.
+var temporaryAllowListIPPrefixes = []string{
+	"2600:1900:2001:2",
+	"2600:1900:2001:3",
+	"2600:1900:2000:1b",
+	"2600:1900:2000:1d",
+	"2600:1900:2000:38",
+	"2600:1900:2000:37",
+	"2600:1900:2000:9",
+}
+
 func allowShare(r *http.Request) bool {
-	if r.Header.Get("X-AppEngine-Country") == "CN" {
-		return false
+	if r.Header.Get("X-AppEngine-Country") != "CN" {
+		return true
 	}
-	return true
+	for _, prefix := range temporaryAllowListIPPrefixes {
+		if strings.HasPrefix(r.RemoteAddr, prefix) {
+			return true
+		}
+	}
+	return false
 }
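Review bot: in allowShare, strings.HasPrefix(r.RemoteAddr, prefix) is a textual comparison rather than a network-prefix match, so an entry without a trailing colon such as "2600:1900:2001:2" also matches addresses whose fourth group is anything from 20 to 2fff, which makes the allow list wider than the prefixes the comment says were verified. The match also depends on the exact string form of r.RemoteAddr: net/http documents it as "IP:port", which for IPv6 is bracketed, and a bracketed value would match none of these entries, so it is worth confirming what form arrives in this deployment. Consider splitting off the port, parsing the address with netip.ParseAddr and checking it against netip.Prefix values with Contains, or at minimum ending each entry with ":". A table-driven test of allowShare with one matching and one near-miss address would pin the behaviour down, and since the list is described as temporary, a TODO referencing golang/go#65081 for its removal would help.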