Commit f9103da6 authored by Sebastiaan Deckers's avatar Sebastiaan Deckers 馃悜

fix: apply CORS to DoH and GoH

parent 2292e5ba
......@@ -17,16 +17,16 @@ module.exports.app = (options, files) => {
const app = connect()
app.use(fingerprint(options))
app.use(logger(options.log))
app.use(hostOptions(options, files))
app.use(allowCors())
app.use(cdnLoopPrevention(options.via))
if (typeof options.doh === 'object') {
app.use(playdoh(options.doh))
}
app.use(allowedMethods(['GET', 'HEAD', 'OPTIONS']))
if (typeof options.goh === 'object') {
app.use(goh(options.goh))
}
app.use(hostOptions(options, files))
app.use(allowedMethods(['GET', 'HEAD', 'OPTIONS']))
app.use(allowCors())
app.use(cdnLoopPrevention(options.via))
app.use(resolveRequest())
app.use(resolveDependencies(options))
app.use(serveResponse(options))
......
......@@ -43,13 +43,18 @@ test('start server', async (t) => {
doh: {
resolverPort: resolver.address().port,
resolverAddress: '127.0.0.1'
}
},
hosts: [{
accessControl: {
allowOrigin: '*'
}
}]
}
master = new Master({ cwd, options })
await master.listen()
})
test('Make a DNS over HTTPS request', async (t) => {
test('Make a DNS over HTTPS request, with CORS', async (t) => {
const url = 'https://localhost:8443/'
const headers = {
':method': 'POST',
......@@ -58,6 +63,7 @@ test('Make a DNS over HTTPS request', async (t) => {
const body = dnsQuery()
const response = await h2(url, { headers, body })
t.is(response.headers.get(':status'), 200)
t.is(response.headers.get('access-control-allow-origin'), '*')
t.deepEquals(
packet.decode(await response.arrayBuffer()),
packet.decode(dnsAnswer())
......@@ -73,7 +79,7 @@ test('Pass-through non-DoH requests', async (t) => {
t.ok(await response.text())
})
test('Get DOH response on any domain', async (t) => {
test('Only respond to DoH on hosted domains', async (t) => {
const url = 'https://does-not-exist.example.com:8443/'
const headers = {
':method': 'POST',
......@@ -81,8 +87,8 @@ test('Get DOH response on any domain', async (t) => {
}
const body = dnsQuery()
const response = await h2(url, { headers, body })
t.is(response.headers.get(':status'), 200)
t.is(response.headers.get('content-type'), 'application/dns-message')
t.is(response.headers.get(':status'), 404)
t.is(response.headers.get('content-type'), 'text/plain; charset=utf-8')
})
test('stop server', async (t) => master.close())
......
......@@ -25,7 +25,12 @@ test('start server', async (t) => {
unsafeAllowNonStandardPort: true,
unsafeAllowPrivateAddress: true,
timeout: 10000
}
},
hosts: [{
accessControl: {
allowOrigin: '*'
}
}]
}
master = new Master({ cwd, options })
await master.listen()
......@@ -39,6 +44,7 @@ test('Make a Gopher over HTTPS request', async (t) => {
t.ok(response.ok)
t.is(response.status, 200)
t.is(response.headers.get('content-type'), 'application/gopher')
t.is(response.headers.get('access-control-allow-origin'), '*')
t.deepEquals(await response.text(), '1Hello, World!\t\t\t\r\n.\r\n')
})
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment