Explicitly set "accept-encoding: identity" header for DoH URL requests.
Currently, DnsHTTPAttempt does not set the accept-encoding header. URLRequestHttpJob::AddExtraHeaders() has been stepping in, typically choosing "gzip, deflate, br". If the DoH provider honored this request for compression, it would effectively strip padding from the DNS response, which is a privacy leak.

To be clear, I have not observed any DoH providers compressing their response. It just seems prudent not to request compression that we do not want.

Bug: 1051615
Change-Id: I0cad558f76298b7ed58de70b70b1954cd42b88f9
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2546476
Reviewed-by: Eric Orth <ericorth@chromium.org>
Commit-Queue: Dan McArdle <dmcardle@chromium.org>
Cr-Commit-Position: refs/heads/master@{#828645}
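The padding concern described in the commit message, as an added example (not Chromium code and not part of the commit): two constructed DNS responses padded to the 468-byte block recommended by RFC 8467 have the same body length under identity encoding, but different lengths once compressed. Assumptions: `zlib.compress` stands in for a server-side HTTP content-coding, and all names, addresses and helper functions are constructed for illustration.

```python
import struct
import zlib

BLOCK = 468      # response padding block size recommended by RFC 8467
OPT_FIXED = 15   # OPT RR header (11 bytes) + padding option code/length (4)

def encode_name(name):
    """Encode a dotted name as DNS length-prefixed labels."""
    return b"".join(bytes([len(label)]) + label.encode()
                    for label in name.split(".")) + b"\x00"

def padded_response(name, addrs):
    """Build a constructed DNS response whose OPT RR pads it to BLOCK bytes."""
    header = struct.pack("!HHHHHH", 0, 0x8180, 1, len(addrs), 0, 1)
    question = encode_name(name) + struct.pack("!HH", 1, 1)   # type A, class IN
    answers = b"".join(
        b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes(a)
        for a in addrs)
    body = header + question + answers
    pad_len = -(len(body) + OPT_FIXED) % BLOCK
    # OPT RR (type 41) carrying EDNS(0) option 12 (Padding), zero-filled.
    opt = (b"\x00" + struct.pack("!HHIH", 41, 4096, 0, 4 + pad_len)
           + struct.pack("!HH", 12, pad_len) + bytes(pad_len))
    return body + opt

def body_sizes(name, addrs):
    """Return (identity, compressed) HTTP body sizes visible on the wire."""
    msg = padded_response(name, addrs)
    # Assumption: zlib.compress stands in for a server applying "deflate".
    return len(msg), len(zlib.compress(msg))

# Constructed sample data (documentation address ranges).
SHORT = ("a.example", [(192, 0, 2, 10)])
LONG = ("mail.internal-payroll.corp.example.org",
        [(192, 0, 2, 21), (198, 51, 100, 7), (203, 0, 113, 99),
         (192, 0, 2, 140), (198, 51, 100, 201), (203, 0, 113, 5)])

if __name__ == "__main__":
    for name, addrs in (SHORT, LONG):
        identity, compressed = body_sizes(name, addrs)
        print(f"{name}: identity={identity} compressed={compressed}")
```

The zero-filled padding collapses to a few bytes under compression, so the compressed length tracks the unpadded message size again.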