钉钉在 ipv6 环境下出现访问问题。多个页面依赖 h5.dingtalk.com ,如“工作台”页等。域名解析到 2401:b180:2000:60::f 并不能正确返回。 阿里同学 toB 环境多考虑 ipv6 的使用场景。
1
zealot 2023-03-16 14:04:27 +08:00
方便的话可以发一下 curl 命令输出结果,我这边实测是可以的
(绑 IPv6 host 验证 OK:2401:b180:2000:60::f h5.dingtalk.com ) ``` $ curl -6 -v https://h5.dingtalk.com/status.taobao * Trying [2401:b180:2000:60::f]:443... * Connected to h5.dingtalk.com (2401:b180:2000:60::f) port 443 (#0) * ALPN: offers h2 * ALPN: offers http/1.1 * CAfile: /etc/ssl/cert.pem * CApath: none * (304) (OUT), TLS handshake, Client hello (1): * (304) (IN), TLS handshake, Server hello (2): * TLSv1.2 (IN), TLS handshake, Certificate (11): * TLSv1.2 (IN), TLS handshake, Server key exchange (12): * TLSv1.2 (IN), TLS handshake, Server finished (14): * TLSv1.2 (OUT), TLS handshake, Client key exchange (16): * TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1): * TLSv1.2 (OUT), TLS handshake, Finished (20): * TLSv1.2 (IN), TLS change cipher, Change cipher spec (1): * TLSv1.2 (IN), TLS handshake, Finished (20): * SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256 * ALPN: server accepted h2 * Server certificate: * subject: C=CN; ST=ZheJiang; L=HangZhou; O=Alibaba (China) Technology Co., Ltd.; CN=*.dingtalk.com * start date: Apr 12 01:56:07 2022 GMT * expire date: May 14 01:56:06 2023 GMT * subjectAltName: host "h5.dingtalk.com" matched cert's "*.dingtalk.com" * issuer: C=BE; O=GlobalSign nv-sa; CN=GlobalSign Organization Validation CA - SHA256 - G2 * SSL certificate verify ok. * Using HTTP2, server supports multiplexing * Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0 * h2h3 [:method: GET] * h2h3 [:path: /status.taobao] * h2h3 [:scheme: https] * h2h3 [:authority: h5.dingtalk.com] * h2h3 [user-agent: curl/7.86.0] * h2h3 [accept: */*] * Using Stream ID: 1 (easy handle 0x14e813400) > GET /status.taobao HTTP/2 > Host: h5.dingtalk.com > user-agent: curl/7.86.0 > accept: */* > * Connection state changed (MAX_CONCURRENT_STREAMS == 128)! < HTTP/2 200 < server: Tengine < date: Thu, 16 Mar 2023 06:02:49 GMT < content-length: 0 < accept-ranges: bytes < etag: W/"0-1678781644000" < last-modified: Tue, 14 Mar 2023 08:14:04 GMT < cache-control: no-cache < content-security-policy-report-only: default-src 'self';style-src 'self' 'unsafe-inline' dev.g.alicdn.com g.alicdn.com at.alicdn.com *.test.youku.com *.taobao.net webapi.amap.com;script-src 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' *.dingtalk.com *.cnzz.com *.alicdn.com market.wapa.taobao.com dev.g.alicdn.com g.alicdn.com ynuf.alipay.com log.mmstat.com s.tbcdn.cn vip.laiwang.com wswukong.laiwang.com local.alipcsec.com:6691 *.taobao.net cfd.aliyun.com restapi.amap.com webapi.amap.com tce.taobao.com cfall.aliyun.com gw.alipayobjects.com ynuf.aliapp.org;connect-src 'self' *.dingtalk.com ynuf.alipay.com dev.g.alicdn.com g.alicdn.com retcode.taobao.com dingtalk-cspase-sh.oss-cn-shanghai.aliyuncs.com dingtalk-cspase-sz.oss-cn-shenzhen.aliyuncs.com arms-retcode.aliyuncs.com arms-retcode.aliyuncs.com gm.mmstat.com ynuf.aliapp.org wss://acs.wapa.taobao.com wss://acs.m.taobao.com aliliving.alicdn.com wgo.mmstat.com dtliving.alicdn.com hd.mmstat.com uc.gre alilive.alicdn.com *.mobgslb.tbcache.com *.mmstat.com px.effirst.com;frame-src 'self' h5.m.taobao.com qiye.aliyun.com log.laiwang.com dev.g.alicdn.com g.alicdn.com login.dingtalk.com login2.dingtalk.com *.dingtalk.com mailsso.mxhichina.com wvjbscheme: alipaybridge: alipaymonitor: ynuf.aliapp.org cn-hangzhou-dap.cloud.alipay.com cn-hangzhou-cap.cloud.alipay.com auth.cloud.alipay.com;font-src 'self' at.alicdn.com dev.g.alicdn.com g.alicdn.com data: *.taobao.net i.alicdn.com;img-src 'self' data: http: fourier.taobao.com *.dingtalk.com *.aliimg.com *.alicdn.com *.mmstat.com ynuf.alipay.com arms-retcode.aliyuncs.com pin.aliyun.com fourier.alibaba.com retcode.taobao.com *.cnzz.com dingtalk-cspase-sh.oss-cn-shanghai.aliyuncs.com dingtalk-cspase-sz.oss-cn-shenzhen.aliyuncs.com restapi.amap.com landray.dingtalkapps.com restapi.amap.com image.uczzd.cn;media-src 'self' *.dingtalk.com cloud.video.taobao.com videocdn.taobao.com dev.g.alicdn.com g.alicdn.com tbm-auth.alicdn.com alilive.alicdn.com aliliving.alicdn.com blob:;worker-src 'self' blob:;report-uri https://csp.dingtalk.com/csp; ``` |