Add CORS header (only for DoH), for web browsers

2025-04-03 04:57:37 +03:00 · 2021-09-07 13:22:55 +02:00 · 2021-09-07 13:22:55 +02:00 · 379a7abc7e
commit 379a7abc7e
parent 5770f9da33
1 changed files with 14 additions and 5 deletions
--- a/src/libdoh/src/lib.rs
+++ b/src/libdoh/src/lib.rs
@ -133,7 +133,9 @@ impl DoH {

    async fn serve_doh_query(&self, query: Vec<u8>) -> Result<Response<Body>, http::Error> {
        let resp = match self.proxy(query).await {
-            Ok(resp) => self.build_response(resp.packet, resp.ttl, DoHType::Standard.as_str()),
+            Ok(resp) => {
+                self.build_response(resp.packet, resp.ttl, DoHType::Standard.as_str(), true)
+            }
            Err(e) => return http_error(StatusCode::from(e)),
        };
        match resp {
@ -197,7 +199,7 @@ impl DoH {
            Err(e) => return http_error(StatusCode::from(e)),
        };
        let encrypted_resp = match context.encrypt_response(resp.packet) {
-            Ok(resp) => self.build_response(resp, 0u32, DoHType::Oblivious.as_str()),
+            Ok(resp) => self.build_response(resp, 0u32, DoHType::Oblivious.as_str(), false),
            Err(e) => return http_error(StatusCode::from(e)),
        };

@ -233,6 +235,7 @@ impl DoH {
            configs,
            ODOH_KEY_ROTATION_SECS,
            "application/octet-stream".to_string(),
+            true,
        ) {
            Ok(resp) => Ok(resp),
            Err(e) => http_error(StatusCode::from(e)),
@ -414,9 +417,10 @@ impl DoH {
        packet: Vec<u8>,
        ttl: u32,
        content_type: String,
+        cors: bool,
    ) -> Result<Response<Body>, DoHError> {
        let packet_len = packet.len();
-        let response = Response::builder()
+        let mut response_builder = Response::builder()
            .header(hyper::header::CONTENT_LENGTH, packet_len)
            .header(hyper::header::CONTENT_TYPE, content_type.as_str())
            .header(
@ -426,9 +430,14 @@ impl DoH {
                    ttl, STALE_IF_ERROR_SECS, STALE_WHILE_REVALIDATE_SECS
                )
                .as_str(),
-            )
+            );
+        if cors {
+            response_builder =
+                response_builder.header(hyper::header::ACCESS_CONTROL_ALLOW_ORIGIN, "*");
+        }
+        let response = response_builder
            .body(Body::from(packet))
-            .unwrap();
+            .map_err(|_| DoHError::InvalidData)?;
        Ok(response)
    }