]> git.ipfire.org Git - thirdparty/knot-resolver.git/commitdiff
projects / thirdparty / knot-resolver.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: fb8d0ca)
http DoH: answers include access-control-allow-origin: *
authorVladimír Čunát <vladimir.cunat@nic.cz>
Mon, 27 May 2019 13:13:37 +0000 (15:13 +0200)
committerTomas Krizek <tomas.krizek@nic.cz>
Mon, 3 Jun 2019 12:28:37 +0000 (12:28 +0000)
Otherwise most browsers won't allow JS from *other* sites to use the
data - one of the two primary use cases for DoH as stated in RFC 8484.

NEWS patch | blob | blame | history
modules/http/http.lua.in patch | blob | blame | history
modules/http/http_doh.lua patch | blob | blame | history

diff --git a/NEWS b/NEWS
index bc660714b1d71a6bb36118a6d234f90114c1665a..3cfd78dba21c45d9e73980e4a8f01db7d083d089 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,10 @@
 Knot Resolver 4.x.y (2019-0m-dd)
 ================================
 
+Improvements
+------------
+- DNS-over-HTTPS: answers include `access-control-allow-origin: *` (!823)
+
 Bugfixes
 --------
 - TCP to upstream: don't send wrong message length (unlikely, !816)
diff --git a/modules/http/http.lua.in b/modules/http/http.lua.in
index e858e89d2232eb726429d796e8c6dc1cc1fdf570..6815d74b7b493bac7516761f851e9821dc2db9cb 100644 (file)
--- a/modules/http/http.lua.in
+++ b/modules/http/http.lua.in
@@ -165,11 +165,12 @@ local function serve(endpoints, h, stream)
                entry = endpoints[path:match '^/[^/?]*']
        end
        -- Unpack MIME and data
-       local data, mime, ttl, err
+       local data, mime, ttl, any_origin, err
        if entry then
                mime = entry[1]
                data = entry[2]
                ttl = entry[4]
+               any_origin = entry[5]
        end
        -- Get string data out of service endpoint
        if type(data) == 'function' then
@@ -196,6 +197,9 @@ local function serve(endpoints, h, stream)
                if ttl then
                        hsend:append('cache-control', string.format('max-age=%d', ttl))
                end
+               if any_origin then
+                       hsend:append('access-control-allow-origin', '*')
+               end
                assert(stream:write_headers(hsend, false))
                assert(stream:write_chunk(data, true))
        end
diff --git a/modules/http/http_doh.lua b/modules/http/http_doh.lua
index 71d1836768bf5e68000cc8b64b399aaafc8ea40f..fb3f6bf67f944592adb692bde624080ff557cf4a 100644 (file)
--- a/modules/http/http_doh.lua
+++ b/modules/http/http_doh.lua
@@ -112,6 +112,6 @@ end
 -- Export endpoints
 return {
        endpoints = {
-               ['/doh']   = {'text/plain', serve_doh},
+               ['/doh']   = {'text/plain', serve_doh, nil, nil, true},
        }
 }
Mirror of https://gitlab.nic.cz/knot/knot-resolver.git