Commit a34aa1ee authored by Vladimír Čunát's avatar Vladimír Čunát Committed by Tomas Krizek

http DoH: answers include access-control-allow-origin: *

Otherwise most browsers won't allow JS from *other* sites to use the
data - one of the two primary use cases for DoH as stated in RFC 8484.
parent fb8d0ca0
Knot Resolver 4.x.y (2019-0m-dd)
================================
Improvements
------------
- DNS-over-HTTPS: answers include `access-control-allow-origin: *` (!823)
Bugfixes
--------
- TCP to upstream: don't send wrong message length (unlikely, !816)
......
......@@ -165,11 +165,12 @@ local function serve(endpoints, h, stream)
entry = endpoints[path:match '^/[^/?]*']
end
-- Unpack MIME and data
local data, mime, ttl, err
local data, mime, ttl, any_origin, err
if entry then
mime = entry[1]
data = entry[2]
ttl = entry[4]
any_origin = entry[5]
end
-- Get string data out of service endpoint
if type(data) == 'function' then
......@@ -196,6 +197,9 @@ local function serve(endpoints, h, stream)
if ttl then
hsend:append('cache-control', string.format('max-age=%d', ttl))
end
if any_origin then
hsend:append('access-control-allow-origin', '*')
end
assert(stream:write_headers(hsend, false))
assert(stream:write_chunk(data, true))
end
......
......@@ -112,6 +112,6 @@ end
-- Export endpoints
return {
endpoints = {
['/doh'] = {'text/plain', serve_doh},
['/doh'] = {'text/plain', serve_doh, nil, nil, true},
}
}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment