fix: Enable TLS fingerprint routing for Antigravity API requests
**Bug Fix**: TLS fingerprint routing was disabled by default - isTLSFingerprintRoutingEnabled() was checking NodeTLSProxy.Enabled (default: false) - Should check TLSFingerprint.Enabled (default: true) - This caused all Antigravity requests to lack proper TLS fingerprinting **Changes**: - Use correct config flag: s.cfg.Gateway.TLSFingerprint.Enabled - Add cloudcode-pa.googleapis.com and daily sandbox variant to default routing list - Requests now properly emulate Claude CLI (Node.js 24.x) TLS fingerprint **Impact**: - Antigravity API requests now use JA3/JA4 fingerprinting to avoid 503 monitoring blocks - Proper TLS handshake matching real Claude IDE behavior - Fixes 'context deadline exceeded' and intermittent 503 errors Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
This commit is contained in:
win
parent
b01a44cd39
commit
dad970f739
@ -23,17 +23,17 @@ import (
|
|||||||
)
|
)
|
||||||
|
|
||||||
// isTLSFingerprintRoutingEnabled 检查 TLS 指纹路由是否启用
|
// isTLSFingerprintRoutingEnabled 检查 TLS 指纹路由是否启用
|
||||||
// 复用 NodeTLSProxy.Enabled 配置项,保持配置兼容
|
// 使用 TLSFingerprint.Enabled 配置项(而不是旧的 NodeTLSProxy.Enabled)
|
||||||
func (s *httpUpstreamService) isTLSFingerprintRoutingEnabled() bool {
|
func (s *httpUpstreamService) isTLSFingerprintRoutingEnabled() bool {
|
||||||
if s.cfg == nil {
|
if s.cfg == nil {
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
return s.cfg.Gateway.NodeTLSProxy.Enabled
|
return s.cfg.Gateway.TLSFingerprint.Enabled
|
||||||
}
|
}
|
||||||
|
|
||||||
// shouldRouteWithTLSFingerprint 判断请求是否应该使用 TLS 指纹
|
// shouldRouteWithTLSFingerprint 判断请求是否应该使用 TLS 指纹
|
||||||
// 仅拦截目标主机在 proxy_hosts 白名单中的 HTTPS 请求,
|
// 拦截目标主机在 proxy_hosts 白名单中的 HTTPS 请求
|
||||||
// 白名单为空时默认只代理 api.anthropic.com。
|
// 白名单为空时默认代理 api.anthropic.com 和 Antigravity API 主机
|
||||||
func (s *httpUpstreamService) shouldRouteWithTLSFingerprint(req *http.Request) bool {
|
func (s *httpUpstreamService) shouldRouteWithTLSFingerprint(req *http.Request) bool {
|
||||||
if req == nil || req.URL == nil || req.URL.Scheme != "https" {
|
if req == nil || req.URL == nil || req.URL.Scheme != "https" {
|
||||||
return false
|
return false
|
||||||
@ -45,7 +45,13 @@ func (s *httpUpstreamService) shouldRouteWithTLSFingerprint(req *http.Request) b
|
|||||||
|
|
||||||
hosts := s.cfg.Gateway.NodeTLSProxy.ProxyHosts
|
hosts := s.cfg.Gateway.NodeTLSProxy.ProxyHosts
|
||||||
if len(hosts) == 0 {
|
if len(hosts) == 0 {
|
||||||
return reqHost == "api.anthropic.com"
|
// 默认白名单:api.anthropic.com 和 Antigravity API 主机
|
||||||
|
defaultHosts := map[string]bool{
|
||||||
|
"api.anthropic.com": true,
|
||||||
|
"cloudcode-pa.googleapis.com": true,
|
||||||
|
"daily-cloudcode-pa.sandbox.googleapis.com": true,
|
||||||
|
}
|
||||||
|
return defaultHosts[reqHost]
|
||||||
}
|
}
|
||||||
for _, h := range hosts {
|
for _, h := range hosts {
|
||||||
if reqHost == h {
|
if reqHost == h {
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user