DoH: Improve compatiblity by ignoring an "Accept" HTTP header value (!5246) · Merge requests · ISC Open Source Projects / BIND

Artem Boldariev requested to merge artem/doh-ignore-accept-header into main Jul 05, 2021

We were too strict regarding the value and presence of Accept HTTP header, slightly breaking compatibility with the specification.

According to RFC8484 client SHOULD add Accept header to the requests but MUST be able to handle application/dns-message media type regardless of the value of the header. That basically suggests we ignore its value.

The DoH client SHOULD include an HTTP Accept request header field to indicate what type of content can be understood in response. Irrespective of the value of the Accept request header field, the client MUST be prepared to process "application/dns-message" (as described in Section 6) responses but MAY also process other DNS- related media types it receives.

Besides, verifying the value of the Accept header is a bit tricky because it could contain multiple media types, thus requiring proper parsing. That is doable but does not provide us with any benefits.

Among other things, not verifying the value also fixes compatibility with clients, which could advertise multiple media types as supported, which we should accept. For example, it is possible for a perfectly valid request to contain application/dns-message, application/*, and */* in the Accept header value. Still, we would treat such a request as invalid.

Depends on !5245 (merged).

Edited Jul 09, 2021 by Artem Boldariev

DoH: Improve compatiblity by ignoring an "Accept" HTTP header value

Merge request reports