0ct0pu5
/
bromite


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293
							From: csagan5 <32685696+csagan5@users.noreply.github.com>
Date: Sat, 28 Apr 2018 08:30:26 +0200
Subject: Reduce HTTP headers in DoH requests to bare minimum

---
 net/base/load_flags_list.h              |  9 +++++++++
 net/dns/dns_transaction.cc              |  2 +-
 net/url_request/url_request_http_job.cc | 16 +++++++++++-----
 3 files changed, 21 insertions(+), 6 deletions(-)

diff --git a/net/base/load_flags_list.h b/net/base/load_flags_list.h
--- a/net/base/load_flags_list.h
+++ b/net/base/load_flags_list.h
@@ -112,3 +112,12 @@ LOAD_FLAG(RESTRICTED_PREFETCH, 1 << 17)
 // is considered privileged, and therefore this flag must only be set from a
 // trusted process.
 LOAD_FLAG(CAN_USE_RESTRICTED_PREFETCH, 1 << 18)
+
+
+
+
+// This load will not send Accept-Language or User-Agent headers, and not
+// advertise brotli encoding.
+// Used to comply with IETF (draft) DNS-over-HTTPS:
+// "Implementors SHOULD NOT set non-essential HTTP headers in DoH client requests."
+LOAD_FLAG(MINIMAL_HEADERS, 1 << 19)
diff --git a/net/dns/dns_transaction.cc b/net/dns/dns_transaction.cc
--- a/net/dns/dns_transaction.cc
+++ b/net/dns/dns_transaction.cc
@@ -418,7 +418,7 @@ class DnsHTTPAttempt : public DnsAttempt, public URLRequest::Delegate {
     // Disable secure DNS for any DoH server hostname lookups to avoid deadlock.
     request_->SetDisableSecureDns(true);
     request_->SetLoadFlags(request_->load_flags() | LOAD_DISABLE_CACHE |
-                           LOAD_BYPASS_PROXY);
+                           LOAD_MINIMAL_HEADERS | LOAD_BYPASS_PROXY);
     request_->set_allow_credentials(false);
     request_->set_isolation_info(isolation_info);
   }
diff --git a/net/url_request/url_request_http_job.cc b/net/url_request/url_request_http_job.cc
--- a/net/url_request/url_request_http_job.cc
+++ b/net/url_request/url_request_http_job.cc
@@ -331,6 +331,7 @@ void URLRequestHttpJob::Start() {
   // plugin could set a referrer although sending the referrer is inhibited.
   request_info_.extra_headers.RemoveHeader(HttpRequestHeaders::kReferer);
 
+  if (!(request_info_.load_flags & LOAD_MINIMAL_HEADERS)) {
   // Our consumer should have made sure that this is a safe referrer (e.g. via
   // URLRequestJob::ComputeReferrerForPolicy).
   if (referrer.is_valid()) {
@@ -338,11 +339,14 @@ void URLRequestHttpJob::Start() {
     request_info_.extra_headers.SetHeader(HttpRequestHeaders::kReferer,
                                           referer_value);
   }
+  }
 
+  if (!(request_info_.load_flags & LOAD_MINIMAL_HEADERS)) {
   request_info_.extra_headers.SetHeaderIfMissing(
       HttpRequestHeaders::kUserAgent,
       http_user_agent_settings_ ?
           http_user_agent_settings_->GetUserAgent() : std::string());
+  }
 
   AddExtraHeaders();
   AddCookieHeaderAndStart();
@@ -538,10 +542,12 @@ void URLRequestHttpJob::AddExtraHeaders() {
     } else {
       // Advertise "br" encoding only if transferred data is opaque to proxy.
       bool advertise_brotli = false;
-      if (request()->context()->enable_brotli()) {
-        if (request()->url().SchemeIsCryptographic() ||
-            IsLocalhost(request()->url())) {
-          advertise_brotli = true;
+      if (!(request_info_.load_flags & LOAD_MINIMAL_HEADERS)) {
+        if (request()->context()->enable_brotli()) {
+          if (request()->url().SchemeIsCryptographic() ||
+              IsLocalhost(request()->url())) {
+            advertise_brotli = true;
+          }
         }
       }
 
@@ -559,7 +565,7 @@ void URLRequestHttpJob::AddExtraHeaders() {
     }
   }
 
-  if (http_user_agent_settings_) {
+  if (!(request_info_.load_flags & LOAD_MINIMAL_HEADERS) && http_user_agent_settings_) {
     // Only add default Accept-Language if the request didn't have it
     // specified.
     std::string accept_language =
-- 
2.17.1