Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

DoH: allow configuration of HTTP header #7900

Closed
appliedprivacy opened this issue Jun 10, 2019 · 3 comments
Closed

DoH: allow configuration of HTTP header #7900

appliedprivacy opened this issue Jun 10, 2019 · 3 comments

Comments

@appliedprivacy
Copy link
Contributor

@appliedprivacy appliedprivacy commented Jun 10, 2019

  • Program: dnsdist
  • Issue type: Feature request

Usecase

RFC8484 states:

also allowing web applications
to access DNS information via existing browser APIs in a safe way
consistent with Cross Origin Resource Sharing (CORS)

This usecase requires CORS headers otherwise browsers will not allow it.

dnsdist does not yet set the CORS header:

HTTP/2 200 
server: h2o/2.2.5
date: Mon, 10 Jun 2019 11:12:24 GMT
content-type: application/dns-message
content-length: 80

This feature request is about allowing operators to add HTTP headers to dnsdist's HTTP responses to allow the described usecase and potentially others. One obvious usecase is CORS

  • Access-Control-Allow-Origin: *

but this feature should allow the operator to configure arbitrary HTTP header (i.e. also HSTS).
Some exceptions may apply, for example the server header is already set via serverTokens #7894.

HTTP header should be configurable per frontend and per SNI.

ref: https://gitlab.labs.nic.cz/knot/knot-resolver/merge_requests/823

@Habbie
Copy link
Member

@Habbie Habbie commented Jun 10, 2019

With reference to https://dnsdist.org/reference/config.html#addDOHLocal, perhaps adding 'headers' to the options, taking a table, might make sense. I'm assuming that we can easily deal with tables in that place.

@rgacogne
Copy link
Member

@rgacogne rgacogne commented Jun 11, 2019

Agreed, we already do something like that for the internal webserver: https://dnsdist.org/reference/config.html?highlight=headers#webserver

@rgacogne rgacogne added this to the dnsdist-1.4.0 milestone Jun 11, 2019
@melissavoegeli
Copy link
Contributor

@melissavoegeli melissavoegeli commented Jun 11, 2019

For transparency, I'm going to work on this for this week. I'll keep you posted.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

4 participants