From: Vladimír Čunát
Date: Mon, 27 May 2019 13:13:37 +0000 (+0200)
Subject: http DoH: answers include access-control-allow-origin: *
X-Git-Tag: v4.1.0~24^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a34aa1ee743d7fdba42802bd21ec77405a97422f;p=thirdparty%2Fknot-resolver.git
http DoH: answers include access-control-allow-origin: *
Otherwise most browsers won't allow JS from *other* sites to use the data - one of the two primary use cases for DoH as stated in RFC 8484.
---
diff --git a/NEWS b/NEWS
index bc660714b..3cfd78dba 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,10 @@ Knot Resolver 4.x.y (2019-0m-dd) ================================ +Improvements +------------ +- DNS-over-HTTPS: answers include `access-control-allow-origin: *` (!823) + Bugfixes -------- - TCP to upstream: don't send wrong message length (unlikely, !816)
diff --git a/modules/http/http.lua.in b/modules/http/http.lua.in
index e858e89d2..6815d74b7 100644
--- a/modules/http/http.lua.in
+++ b/modules/http/http.lua.in
@@ -165,11 +165,12 @@ local function serve(endpoints, h, stream)
 entry = endpoints[path:match '^/[^/?]*']
 end
 -- Unpack MIME and data
- local data, mime, ttl, err
+ local data, mime, ttl, any_origin, err
 if entry then
 mime = entry[1]
 data = entry[2]
 ttl = entry[4]
+ any_origin = entry[5]
 end
 -- Get string data out of service endpoint
 if type(data) == 'function' then
@@ -196,6 +197,9 @@ local function serve(endpoints, h, stream)
 if ttl then
 hsend:append('cache-control', string.format('max-age=%d', ttl))
 end
+ if any_origin then
+ hsend:append('access-control-allow-origin', '*')
+ end
 assert(stream:write_headers(hsend, false))
 assert(stream:write_chunk(data, true))
 end
diff --git a/modules/http/http_doh.lua b/modules/http/http_doh.lua
index 71d183676..fb3f6bf67 100644
--- a/modules/http/http_doh.lua
+++ b/modules/http/http_doh.lua
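Review bot: The fifth slot of the endpoint tuple is read in the `@@ -165` hunk of modules/http/http.lua.in (`any_origin = entry[5]`) with no description of the tuple layout, so a caller has to count positions to find the field that relaxes the browser same-origin policy. I would add a comment above the unpack: `-- entry[5] (any_origin): when truthy the reply carries access-control-allow-origin: *, so scripts from any web origin may read it`. Any truthy value enables the wildcard, so a string intended as one specific origin would silently become `*`; comparing with `== true` would make that mistake visible. serve() starts and ends outside this hunk.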
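Review bot: The wildcard header in the `@@ -196` hunk of modules/http/http.lua.in is appended only on this path, just before `stream:write_headers(hsend, false)`; replies built elsewhere in serve(), most of which lies outside the hunk, are not shown to receive it. This matters for RFC 8484 POST: a cross-origin POST with `content-type: application/dns-message` is not a CORS-simple request, so browsers send an OPTIONS preflight first and expect `access-control-allow-methods` and `access-control-allow-headers` in the reply. If serve() does not answer that preflight, presumably only GET queries will work from other origins. I would either handle OPTIONS for endpoints with any_origin set or state the limit next to the new lines, e.g. `-- CORS: covers simple (GET) requests only; preflighted POST is not handled here`.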
@@ -112,6 +112,6 @@ end
 -- Export endpoints
 return {
 endpoints = {
- ['/doh'] = {'text/plain', serve_doh},
+ ['/doh'] = {'text/plain', serve_doh, nil, nil, true},
 }
 }
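Review bot: Setting the flag unconditionally on `/doh` means every deployment lets scripts from any website read DNS answers fetched through a visitor's browser, and nothing at the endpoint table says so. That is the RFC 8484 use case for public resolvers, but where answers depend on the client's network position (internal-only zones, per-source policy) the browser's position is what counts, so the wildcard exposes those answers to outside pages. I would document it in place, `-- 5th field (any_origin): answers readable by scripts from any origin; reconsider for resolvers serving internal names`, and consider a configuration switch so such deployments can turn it off. The two `nil` placeholders also suggest the positional tuple is getting hard to read; named fields would be less error-prone.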