Commit 7ecb032f authored by Dan McArdle's avatar Dan McArdle Committed by Commit Bot

Explicitly set "accept-encoding: identity" header for DoH URL requests.

Currently, DnsHTTPAttempt does not set the accept-encoding header.
URLRequestHttpJob::AddExtraHeaders() has been stepping in, typically
choosing "gzip, deflate, br".

If the DoH provider honored this request for compression, it would
effectively strip padding from the DNS response, which is a privacy
leak.

To be clear, I have not observed any DoH providers compressing their
response. It just seems prudent not to request compression that we do
not want.

Bug: 1051615
Change-Id: I0cad558f76298b7ed58de70b70b1954cd42b88f9
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2546476Reviewed-by: default avatarEric Orth <ericorth@chromium.org>
Commit-Queue: Dan McArdle <dmcardle@chromium.org>
Cr-Commit-Position: refs/heads/master@{#828645}
parent af29e96d
...@@ -367,6 +367,8 @@ class DnsHTTPAttempt : public DnsAttempt, public URLRequest::Delegate { ...@@ -367,6 +367,8 @@ class DnsHTTPAttempt : public DnsAttempt, public URLRequest::Delegate {
// Send minimal request headers where possible. // Send minimal request headers where possible.
extra_request_headers.SetHeader(HttpRequestHeaders::kAcceptLanguage, "*"); extra_request_headers.SetHeader(HttpRequestHeaders::kAcceptLanguage, "*");
extra_request_headers.SetHeader(HttpRequestHeaders::kUserAgent, "Chrome"); extra_request_headers.SetHeader(HttpRequestHeaders::kUserAgent, "Chrome");
extra_request_headers.SetHeader(HttpRequestHeaders::kAcceptEncoding,
"identity");
DCHECK(url_request_context); DCHECK(url_request_context);
request_ = url_request_context->CreateRequest( request_ = url_request_context->CreateRequest(
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment