From: csagan5 <32685696+csagan5@users.noreply.github.com>
Date: Sat, 28 Apr 2018 08:30:26 +0200
Subject: Reduce HTTP headers in DoH requests to bare minimum
---
net/base/load_flags_list.h | 9 +++++++++
net/dns/dns_transaction.cc | 2 +-
net/url_request/url_request_http_job.cc | 16 +++++++++++-----
3 files changed, 21 insertions(+), 6 deletions(-)
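--- a/net/base/load_flags_list.h
+++ b/net/base/load_flags_list.h
@@ -101,3 +101,12 @@ LOAD_FLAG(RESTRICTED_PREFETCH, 1 << 15)
 // is considered privileged, and therefore this flag must only be set from a
 // trusted process.
 LOAD_FLAG(CAN_USE_RESTRICTED_PREFETCH, 1 << 16)
+
+
+
+
+// This load will not send Accept-Language or User-Agent headers, and not
+// advertise brotli encoding.
+// Used to comply with IETF (draft) DNS-over-HTTPS:
+// "Implementors SHOULD NOT set non-essential HTTP headers in DoH client requests."
+LOAD_FLAG(MINIMAL_HEADERS, 1 << 19)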
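Review bot: The comment on `MINIMAL_HEADERS` understates what the flag does: the same commit also wraps the Referer-setting block of `URLRequestHttpJob::Start()` in a `LOAD_MINIMAL_HEADERS` check, so Referer is suppressed too. Since this comment is the only contract a caller sees, it should list every header the flag affects, e.g. `// This load will not send Referer, Accept-Language or User-Agent headers, and will not advertise brotli encoding.` The value `1 << 19` also skips bits 17 and 18 with no explanation. If the gap is there to avoid colliding with flags added upstream later (an inference, the file does not say), a one-line comment stating that would help whoever rebases this patch.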
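--- a/net/dns/dns_transaction.cc
+++ b/net/dns/dns_transaction.cc
@@ -406,7 +406,7 @@ class DnsHTTPAttempt : public DnsAttempt, public URLRequest::Delegate {
 // Disable secure DNS for any DoH server hostname lookups to avoid deadlock.
 request_->SetDisableSecureDns(true);
 request_->SetLoadFlags(request_->load_flags() | LOAD_DISABLE_CACHE |
- LOAD_BYPASS_PROXY);
+ LOAD_MINIMAL_HEADERS | LOAD_BYPASS_PROXY);
 request_->set_allow_credentials(false);
 request_->set_isolation_info(isolation_info);
 }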
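Review bot: Nothing in this commit verifies the headers that actually leave on a DoH request; the diffstat lists only the three source files, so the privacy property rests entirely on the `SetLoadFlags` call shown here. A later rebase that moves the User-Agent or Accept-Language code in `URLRequestHttpJob` would silently restore those headers on resolver traffic, where they help fingerprint the client. A unit test that drives a `DnsHTTPAttempt` and asserts the outgoing request carries no User-Agent, Accept-Language or Referer would catch that regression. The enclosing function begins outside this hunk, so any existing assertions elsewhere in the file are not visible from here.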
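--- a/net/url_request/url_request_http_job.cc
+++ b/net/url_request/url_request_http_job.cc
@@ -326,6 +326,7 @@ void URLRequestHttpJob::Start() {
 // plugin could set a referrer although sending the referrer is inhibited.
 request_info_.extra_headers.RemoveHeader(HttpRequestHeaders::kReferer);
 
+ if (!(request_info_.load_flags & LOAD_MINIMAL_HEADERS)) {
 // Our consumer should have made sure that this is a safe referrer (e.g. via
 // URLRequestJob::ComputeReferrerForPolicy).
 if (referrer.is_valid()) {
@@ -333,11 +334,14 @@ void URLRequestHttpJob::Start() {
 request_info_.extra_headers.SetHeader(HttpRequestHeaders::kReferer,
 referer_value);
 }
+ }
 
+ if (!(request_info_.load_flags & LOAD_MINIMAL_HEADERS)) {
 request_info_.extra_headers.SetHeaderIfMissing(
 HttpRequestHeaders::kUserAgent,
 http_user_agent_settings_ ?
 http_user_agent_settings_->GetUserAgent() : std::string());
+ }
 
 AddExtraHeaders();
 AddCookieHeaderAndStart();
@@ -534,10 +538,12 @@ void URLRequestHttpJob::AddExtraHeaders() {
 } else {
 // Advertise "br" encoding only if transferred data is opaque to proxy.
 bool advertise_brotli = false;
- if (request()->context()->enable_brotli()) {
- if (request()->url().SchemeIsCryptographic() ||
- IsLocalhost(request()->url())) {
- advertise_brotli = true;
+ if (!(request_info_.load_flags & LOAD_MINIMAL_HEADERS)) {
+ if (request()->context()->enable_brotli()) {
+ if (request()->url().SchemeIsCryptographic() ||
+ IsLocalhost(request()->url())) {
+ advertise_brotli = true;
+ }
 }
 }
 
@@ -555,7 +561,7 @@ void URLRequestHttpJob::AddExtraHeaders() {
 }
 }
 
- if (http_user_agent_settings_) {
+ if (!(request_info_.load_flags & LOAD_MINIMAL_HEADERS) && http_user_agent_settings_) {
 // Only add default Accept-Language if the request didn't have it
 // specified.
 std::string accept_language =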
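Review bot: The new `LOAD_MINIMAL_HEADERS` guards in `Start()` and `AddExtraHeaders()` only skip filling in the default User-Agent and Accept-Language, so a value already present in `request_info_.extra_headers` is still sent. Referer is handled differently: it is removed unconditionally just above the first guard. The flag therefore does not guarantee what its comment in load_flags_list.h promises ("will not send"). Whether any DoH caller sets these headers is not visible in the hunks, but making the flag authoritative costs two lines inside a minimal-headers branch: `request_info_.extra_headers.RemoveHeader(HttpRequestHeaders::kUserAgent);` and `request_info_.extra_headers.RemoveHeader(HttpRequestHeaders::kAcceptLanguage);`. Both function bodies continue outside the hunks shown.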
--
2.17.1