play.golang.org broken for me over IPv6

[Nick Craig-Wood]

Accessing any saved link on the playground via IPv6 gives "403
Forbidden". The basic website itself works, but with no share link. It
works fine via IPv4.

I've tried from several locations in 2a02:24e0::/32 with the same result.

This used to work. I first noticed it last week but thought it was just
one of those things and ignored it.

$ curl -v https://play.golang.org/p/3jXlWyrgsa
* Trying 2a00:1450:4009:800::2011...
* Connected to play.golang.org (2a00:1450:4009:800::2011) port 443 (#0)
* found 173 certificates in /etc/ssl/certs/ca-certificates.crt
* found 704 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256
* server certificate verification OK
* server certificate status verification SKIPPED
* common name: misc-sni.google.com (matched)
* server certificate expiration date OK
* server certificate activation date OK
* certificate public key: RSA
* certificate version: #3
* subject: C=US,ST=California,L=Mountain View,O=Google
Inc,CN=misc-sni.google.com
* start date: Thu, 16 Jun 2016 08:38:16 GMT
* expire date: Thu, 08 Sep 2016 08:29:00 GMT
* issuer: C=US,O=Google Inc,CN=Google Internet Authority G2
* compression: NULL
* ALPN, server accepted to use http/1.1
> GET /p/3jXlWyrgsa HTTP/1.1
> Host: play.golang.org
> User-Agent: curl/7.47.0
> Accept: */*
>
< HTTP/1.1 403 Forbidden
< Strict-Transport-Security: max-age=31536000; preload
< Content-Type: text/plain; charset=utf-8
< X-Content-Type-Options: nosniff
< Date: Mon, 27 Jun 2016 08:28:13 GMT
< Server: Google Frontend
< Content-Length: 10
< Alternate-Protocol: 443:quic
< Alt-Svc: quic=":443"; ma=2592000; v="34,33,32,31,30,29,28,27,26,25"
<
Forbidden
* Connection #0 to host play.golang.org left intact


Wheras it works fine with IPv4

$ curl -4 -v https://play.golang.org/p/3jXlWyrgsa
* Trying 216.58.210.49...
* Connected to play.golang.org (216.58.210.49) port 443 (#0)
* found 173 certificates in /etc/ssl/certs/ca-certificates.crt
* found 704 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256
* server certificate verification OK
* server certificate status verification SKIPPED
* common name: misc-sni.google.com (matched)
* server certificate expiration date OK
* server certificate activation date OK
* certificate public key: RSA
* certificate version: #3
* subject: C=US,ST=California,L=Mountain View,O=Google
Inc,CN=misc-sni.google.com
* start date: Thu, 16 Jun 2016 08:38:16 GMT
* expire date: Thu, 08 Sep 2016 08:29:00 GMT
* issuer: C=US,O=Google Inc,CN=Google Internet Authority G2
* compression: NULL
* ALPN, server accepted to use http/1.1
> GET /p/3jXlWyrgsa HTTP/1.1
> Host: play.golang.org
> User-Agent: curl/7.47.0
> Accept: */*
>
< HTTP/1.1 200 OK
< Strict-Transport-Security: max-age=31536000; preload
< Content-Type: text/html; charset=utf-8
< Date: Mon, 27 Jun 2016 08:28:38 GMT
< Server: Google Frontend
< Content-Length: 8097
< Alternate-Protocol: 443:quic
< Alt-Svc: quic=":443"; ma=2592000; v="34,33,32,31,30,29,28,27,26,25"



--
Nick Craig-Wood <ni...@craig-wood.com> -- http://www.craig-wood.com/nick

[Brad Fitzpatrick]

We can't host user generated content in some countries (at least without burden the Go team is not interested in getting into the business of). I suspect Google's IPv6 geolocation has a data bug for your IPv6 prefix and it's putting you in some other country where user content is tricky.

Email me privately details of where 2a02:24e0::/32 physically is and I'll file a bug for the relevant people to investigate.

--
You received this message because you are subscribed to the Google Groups "golang-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to golang-dev+...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.