DoH: allow configuration of HTTP header

[appliedprivacy]

• Program: dnsdist
• Issue type: Feature request

Usecase

RFC8484 states:

also allowing web applications
to access DNS information via existing browser APIs in a safe way
consistent with Cross Origin Resource Sharing (CORS)

This usecase requires CORS headers otherwise browsers will not allow it.

dnsdist does not yet set the CORS header:

HTTP/2 200 
server: h2o/2.2.5
date: Mon, 10 Jun 2019 11:12:24 GMT
content-type: application/dns-message
content-length: 80

This feature request is about allowing operators to add HTTP headers to dnsdist's HTTP responses to allow the described usecase and potentially others. One obvious usecase is CORS

• Access-Control-Allow-Origin: *

but this feature should allow the operator to configure arbitrary HTTP header (i.e. also HSTS).
Some exceptions may apply, for example the server header is already set via serverTokens #7894.

HTTP header should be configurable per frontend and per SNI.

ref: https://gitlab.labs.nic.cz/knot/knot-resolver/merge_requests/823

[Habbie]

With reference to https://dnsdist.org/reference/config.html#addDOHLocal, perhaps adding 'headers' to the options, taking a table, might make sense. I'm assuming that we can easily deal with tables in that place.

[rgacogne]

Agreed, we already do something like that for the internal webserver: https://dnsdist.org/reference/config.html?highlight=headers#webserver

[melissavoegeli]

For transparency, I'm going to work on this for this week. I'll keep you posted.