Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

DoH: allow configuration of HTTP header #7900

Closed
appliedprivacy opened this issue Jun 10, 2019 · 3 comments · Fixed by #8148
Closed

DoH: allow configuration of HTTP header #7900

appliedprivacy opened this issue Jun 10, 2019 · 3 comments · Fixed by #8148
Labels
dnsdist easy feature request
Milestone
dnsdist-1.4.0

Comments

@appliedprivacy
Copy link
Contributor

appliedprivacy commented Jun 10, 2019
edited

  • Program: dnsdist
  • Issue type: Feature request

Usecase

RFC8484 states:

also allowing web applications
to access DNS information via existing browser APIs in a safe way
consistent with Cross Origin Resource Sharing (CORS)

This usecase requires CORS headers otherwise browsers will not allow it.

dnsdist does not yet set the CORS header:

HTTP/2 200 
server: h2o/2.2.5
date: Mon, 10 Jun 2019 11:12:24 GMT
content-type: application/dns-message
content-length: 80

This feature request is about allowing operators to add HTTP headers to dnsdist's HTTP responses to allow the described usecase and potentially others. One obvious usecase is CORS

  • Access-Control-Allow-Origin: *

but this feature should allow the operator to configure arbitrary HTTP header (i.e. also HSTS).
Some exceptions may apply, for example the server header is already set via serverTokens #7894.

HTTP header should be configurable per frontend and per SNI.

ref: https://gitlab.labs.nic.cz/knot/knot-resolver/merge_requests/823
@Habbie
Copy link
Member

Habbie commented Jun 10, 2019

With reference to https://dnsdist.org/reference/config.html#addDOHLocal, perhaps adding 'headers' to the options, taking a table, might make sense. I'm assuming that we can easily deal with tables in that place.

@rgacogne
Copy link
Member

Agreed, we already do something like that for the internal webserver: https://dnsdist.org/reference/config.html?highlight=headers#webserver

@rgacogne rgacogne added this to the dnsdist-1.4.0 milestone Jun 11, 2019
@melissavoegeli
Copy link
Contributor

For transparency, I'm going to work on this for this week. I'll keep you posted.

@melissavoegeli melissavoegeli mentioned this issue Jun 16, 2019
Closed
8 tasks
melissavoegeli added a commit to melissavoegeli/pdns that referenced this issue Jun 19, 2019
@melissavoegeli
add failing test that PowerDNS#7900 should fix
1cb771c
melissavoegeli added a commit to melissavoegeli/pdns that referenced this issue Jun 19, 2019
@melissavoegeli
PowerDNS#7900 find matching header token and set custom response headers
4f9e5b5
@melissavoegeli melissavoegeli mentioned this issue Jun 19, 2019
Closed
7 tasks
@rgacogne rgacogne mentioned this issue Jul 31, 2019
Merged
7 tasks
@chbruyand chbruyand mentioned this issue Aug 27, 2019
Merged
7 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
dnsdist easy feature request
Projects
None yet
Milestone
dnsdist-1.4.0
Development

Successfully merging a pull request may close this issue.

dnsdist: Add support for custom DoH headers rgacogne/pdns
4 participants
@melissavoegeli @Habbie @rgacogne @appliedprivacy