Domain fronting to App Engine stopped working
On or about 2018-04-13 16:00:00 UTC, domain-fronted requests for *.appspot.com stopped working. It appears to affect fronting to all appspot.com domains, not only ours. This has broken Snowflake client registration and Moat (legacy/trac#25807 (moved)).
Requests now fail with status code 502:
$ wget -q -O - --content-on-error -S https://www.google.com/ --header 'Host: snowflake-reg.appspot.com' HTTP/1.1 502 Bad Gateway Date: Sun, 15 Apr 2018 04:58:49 GMT Content-Type: text/html Server: HTTP server (unknown) Content-Length: 209 X-XSS-Protection: 1; mode=block X-Frame-Options: SAMEORIGIN Alt-Svc: hq=":443"; ma=2592000; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="42,41,39,35" <html><body><h1>502 Bad Gateway</h1>\ <p>This HTTP request has a Host header that is not covered \ by the TLS certificate used. Due to an infrastructure change, \ this request cannot be processed.</p></body></html>
This ticket is to document the issue; I'm not sure we can do anything about it directly.
Other related tickets: