Re: [Doh] Hackathon javascript client & browser issue
Patrick McManus <pmcmanus@mozilla.com> Sun, 18 March 2018 15:09 UTC
To: Tom Pusateri <pusateri@bangj.com>
Cc: doh@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/o4_ySRwDHRl8kWjcegY6YyQabGw>
Layers ahoy!

The rules that govern javascript networking are broadly from xhr/fetch/CORS (non IETF standards) and these apply to javascript using any HTTP API. There is nothing particular to DoH, but a browser-js implementation of DoH is subject to them (as would be accessing a published REST API for example).

In the configuration you describe, the HTTP server is indeed going to need to whitelist the preflight - but neither the preflight request nor response is itself a DoH request/response. Indeed, they are literally the pre-flight before the DoH flight.

And it's a bit of an aside, but I'm pretty happy with this outcome. It means DNS is accessible from js-content but only subject to the web's existing Same-Origin/Cross-Origin security model.. which is something that has known properties.

-P

On Sun, Mar 18, 2018 at 2:10 PM, Tom Pusateri <pusateri@bangj.com> wrote:

> Working in the hackathon, I created a simple node javascript client to
> test DoH.
>
> https://github.com/pusateri/doh-client
>
> This works fine and then Stéphane asked if it could run in the browser. So
> I did this:
>
> https://github.com/pusateri/doh-webpack
>
> However, when sending a POST to a test server, I am getting an error (400)
> response to an initial pre-flight OPTIONS request.
>
> According to
> https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#Simple_requests
>
> The only content types allowed for a POST are:
>
> • application/x-www-form-urlencoded
> • multipart/form-data
> • text/plain
>
> so a question I have, should the DoH servers respond to a pre-flight
> OPTIONS method or are things working as designed because this shouldn’t be
> allowed to run in a browser?
>
> Thanks,
> Tom
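Added example, not part of the original email or of the doh-client/doh-webpack code: a sketch of the layering described above, where the CORS preflight is answered from an origin allowlist and never reaches the DoH handler. The allowlist, the `route` request shape and the function names are hypothetical, and the media type `application/dns-message` is assumed from RFC 8484 because the thread does not name one.

```javascript
// Added example: a CORS preflight answered separately from the DoH exchange.
// Constructed values: the origin allowlist. Assumption: the DoH media type is
// application/dns-message (RFC 8484); the email does not name it.
const SIMPLE_TYPES = new Set([
  'application/x-www-form-urlencoded', 'multipart/form-data', 'text/plain']);
const DOH_TYPE = 'application/dns-message';
const ALLOWED_ORIGINS = new Set(['https://app.example']);
const ALLOWED_REQ_HEADERS = new Set(['content-type', 'accept']);

const essence = (ct) => (ct || '').split(';')[0].trim().toLowerCase();

// Browser side of the rule, reduced to method and Content-Type only.
function needsPreflight(method, contentType) {
  if (!['GET', 'HEAD', 'POST'].includes(method)) return true;
  return method === 'POST' && !SIMPLE_TYPES.has(essence(contentType));
}

// Server side: answer OPTIONS from the allowlist; no DNS message is parsed here.
function handlePreflight(headers) {
  const origin = headers['origin'];
  const method = headers['access-control-request-method'];
  const asked = (headers['access-control-request-headers'] || '')
    .split(',').map((h) => h.trim().toLowerCase()).filter(Boolean);
  const ok = ALLOWED_ORIGINS.has(origin) &&
    (method === 'GET' || method === 'POST') &&
    asked.every((h) => ALLOWED_REQ_HEADERS.has(h));
  if (!ok) return { status: 403, headers: {} }; // browser blocks the real request
  return { status: 204, headers: {
    'access-control-allow-origin': origin,
    'access-control-allow-methods': 'GET, POST',
    'access-control-allow-headers': 'content-type, accept',
    'access-control-max-age': '600',
    vary: 'Origin' } };
}

// Dispatch: the preflight is handled first and never reaches the DoH handler.
function route(req) {
  if (req.method === 'OPTIONS' && req.headers['access-control-request-method']) {
    return { handler: 'preflight', ...handlePreflight(req.headers) };
  }
  if (req.method !== 'GET' && req.method !== 'POST') {
    return { handler: 'none', status: 405, headers: {} };
  }
  if (req.method === 'POST' && essence(req.headers['content-type']) !== DOH_TYPE) {
    return { handler: 'doh', status: 415, headers: {} };
  }
  // Status 200 stands for "pass to the resolver". The actual DoH response also
  // needs the allow-origin header, or the page's script cannot read it.
  const origin = req.headers['origin'];
  const cors = ALLOWED_ORIGINS.has(origin)
    ? { 'access-control-allow-origin': origin, vary: 'Origin' } : {};
  return { handler: 'doh', status: 200, headers: cors };
}
```

A script on an origin outside the allowlist gets a 403 to its preflight and the browser never sends the DNS query, which is the Same-Origin/Cross-Origin gating the reply refers to.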