Re: [Doh] Hackathon javascript client & browser issue

Mike Bishop <mbishop@evequefou.be> Sun, 18 March 2018 14:53 UTC

Return-Path: <mbishop@evequefou.be>
X-Original-To: doh@ietfa.amsl.com
Delivered-To: doh@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0114112D87D for <doh@ietfa.amsl.com>; Sun, 18 Mar 2018 07:53:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=evequefou.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id N9KOwwocXxfy for <doh@ietfa.amsl.com>; Sun, 18 Mar 2018 07:53:34 -0700 (PDT)
Received: from NAM03-BY2-obe.outbound.protection.outlook.com (mail-by2nam03on0104.outbound.protection.outlook.com [104.47.42.104]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 876BC12D7FC for <doh@ietf.org>; Sun, 18 Mar 2018 07:53:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=evequefou.onmicrosoft.com; s=selector1-evequefou-be; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=gHZMK9fB62X7qjR9eeiXGhdBfXgCe0JlfGhrVzKEtnE=; b=V4cLxMrogfeKU8C8y8gGwTt8FXGC7eHhapDr0Ktak3JenVOcMeCYqN9EkQqsWvV/39WQYryHUrSitT/gFYctnJTeC4xLRJCL7RpPg0Z6NpKk67aFt+IV/on3U5HgOODvbWjZ+Pjeu8+qRpgIzxST4Ey6Y46RsdEZPCD6r/LisYs=
Received: from SN1PR08MB1854.namprd08.prod.outlook.com (10.169.39.8) by SN1PR08MB1966.namprd08.prod.outlook.com (10.169.39.142) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.588.14; Sun, 18 Mar 2018 14:53:31 +0000
Received: from SN1PR08MB1854.namprd08.prod.outlook.com ([fe80::b057:7190:752f:8cb9]) by SN1PR08MB1854.namprd08.prod.outlook.com ([fe80::b057:7190:752f:8cb9%13]) with mapi id 15.20.0588.016; Sun, 18 Mar 2018 14:53:31 +0000
From: Mike Bishop <mbishop@evequefou.be>
To: Tom Pusateri <pusateri@bangj.com>, "doh@ietf.org" <doh@ietf.org>
Thread-Topic: [Doh] Hackathon javascript client & browser issue
Thread-Index: AQHTvsL3ia8DzTa8Yk6+MsfLjroAf6PWD+kw
Date: Sun, 18 Mar 2018 14:53:31 +0000
Message-ID: <SN1PR08MB1854DAC4F50B5C17ABC4528ADAD50@SN1PR08MB1854.namprd08.prod.outlook.com>
References: <07A79B82-9B30-4BA6-96C8-175707581178@bangj.com>
In-Reply-To: <07A79B82-9B30-4BA6-96C8-175707581178@bangj.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=mbishop@evequefou.be;
x-originating-ip: [2001:67c:1232:144:95df:aab5:e062:49aa]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; SN1PR08MB1966; 7:qfm7//hbavWXH2Rz2dXabSDdI1Wny67KO8IaxcqMi6ZQmP/VNlS5yVWWfOKjwOtKXMpwItD3bvwmtbqo2uvqr/kvqSkjttjAOn4axfNAYmyb9XLF9Zgt/5CkC/ddOwHUumEcMMhscQ3vmVUePCNBHmp14+1QgtYRbpX1CQvLzRGwaiPWKNwFZZrGenioFdmuYMDxiLfEffFlPABLGulMV6ej02uC2wc+ejDRkizQEynBPvlF7BvdICFfpD3Plyo+
x-ms-exchange-antispam-srfa-diagnostics: SOS;
x-ms-office365-filtering-correlation-id: 32979f70-0f95-4fe6-b7d7-08d58ce0045c
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(7021125)(5600026)(4604075)(3008032)(4534165)(7022125)(4603075)(4627221)(201702281549075)(7048125)(7024125)(7027125)(7028125)(7023125)(2017052603328)(7153060)(7193020); SRVR:SN1PR08MB1966;
x-ms-traffictypediagnostic: SN1PR08MB1966:
x-microsoft-antispam-prvs: <SN1PR08MB196602482DE196AE9CF7A3CDDAD50@SN1PR08MB1966.namprd08.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(158342451672863)(166708455590820)(38517522185527)(126947320029983);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040522)(2401047)(5005006)(8121501046)(3002001)(3231221)(944501244)(52105095)(93006095)(93001095)(10201501046)(6041310)(20161123562045)(20161123558120)(20161123560045)(20161123564045)(2016111802025)(6072148)(6043046)(201708071742011); SRVR:SN1PR08MB1966; BCL:0; PCL:0; RULEID:; SRVR:SN1PR08MB1966;
x-forefront-prvs: 06157D541C
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(979002)(39830400003)(366004)(396003)(376002)(39380400002)(346002)(199004)(189003)(13464003)(478600001)(966005)(8676002)(8936002)(6436002)(81166006)(106356001)(6116002)(102836004)(7696005)(76176011)(105586002)(53936002)(6506007)(97736004)(81156014)(33656002)(68736007)(59450400001)(53546011)(316002)(2900100001)(99286004)(110136005)(3660700001)(86362001)(25786009)(5250100002)(6306002)(9686003)(46003)(5660300001)(55016002)(74482002)(186003)(2950100002)(74316002)(3280700002)(229853002)(2501003)(7736002)(6246003)(305945005)(14454004)(2906002)(969003)(989001)(999001)(1009001)(1019001); DIR:OUT; SFP:1102; SCL:1; SRVR:SN1PR08MB1966; H:SN1PR08MB1854.namprd08.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:0; MX:1; LANG:en;
received-spf: None (protection.outlook.com: evequefou.be does not designate permitted sender hosts)
x-microsoft-antispam-message-info: gZxb6dDWLjVjAKJmbkvvUW8C58j/59ckk6TNbFOndYwxtcoUUlQgW7YYQiLmprp6WRFZLxQ+aGlCJnFe4Y4t+qzp2o2Fn8KEib4ojZ0B5ZxwQfERJYN7abSxWGsJFZi8/qrofVL35od7GXKe1/EkLbqA2AE8tdNV0mJIO4m+18VyvVuTatVw6I9mBt2tYKqelPJWewcphEBFfCc8M3YtDpgP7t2jHOQy74ZUnU00u2sdR8HavwIyGWTr4sGVhKDLLwGMTzzsnc5Tl9QamjLAGP35pUbeBXboUibvgvXx497hqT55rd8VrHzGDGzcO6vw8m0UoT5J6O0VNY+xMzJFDg==
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: evequefou.be
X-MS-Exchange-CrossTenant-Network-Message-Id: 32979f70-0f95-4fe6-b7d7-08d58ce0045c
X-MS-Exchange-CrossTenant-originalarrivaltime: 18 Mar 2018 14:53:31.5447 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 41eaf50b-882d-47eb-8c4c-0b5b76a9da8f
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN1PR08MB1966
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/Sz0fbNRsGhajxyshU_BA9BFBjNQ>
Subject: Re: [Doh] Hackathon javascript client & browser issue
X-BeenThere: doh@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DNS Over HTTPS <doh.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/doh>, <mailto:doh-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/doh/>
List-Post: <mailto:doh@ietf.org>
List-Help: <mailto:doh-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/doh>, <mailto:doh-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 18 Mar 2018 14:53:37 -0000

I think the answer is "yes" to both, actually.  A server that wants to answer requests from content on other sites should accept the pre-flight.  But it's working as intended to keep you from firing off DNS requests to arbitrary servers.

Presumably DoH being done by the browser or system, rather than by a webpage itself, wouldn't be subject to these restrictions.

-----Original Message-----
From: Doh <doh-bounces@ietf.org>; On Behalf Of Tom Pusateri
Sent: Sunday, March 18, 2018 2:11 PM
To: doh@ietf.org
Subject: [Doh] Hackathon javascript client & browser issue

Working in the hackathon, I created a simple node javascript client to test DoH.

https://github.com/pusateri/doh-client

This works fine and then Stéphane asked if it could run in the browser. So I did this:

https://github.com/pusateri/doh-webpack

However, when sending a POST to a test server, I am getting a error (400) response to an initial pre-flight OPTIONS request.

According to https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#Simple_requests

The only content types allowed for a POST are:

	• application/x-www-form-urlencoded
	• multipart/form-data
	• text/plain

so a question I have, should the DoH servers respond to a pre-flight OPTIONS method or are things working as designed because this shouldn’t be allowed to run in a browser?

Thanks,
Tom




_______________________________________________
Doh mailing list
Doh@ietf.org
https://www.ietf.org/mailman/listinfo/doh