Closed Bug 1762532 Opened 3 years ago Closed 3 years ago

incorrect content type on mozilla.cloudflare-dns.com

Categories

(Firefox :: Untriaged, defect)

Unspecified
All
defect

RESOLVED INVALID

People

(Reporter: excellentramlal2000, Unassigned, NeedInfo)

Attachments

(1 file)

Attached image firfox2.png

Issue: Content type incorrectly stated
Severity: Low
Confidence: Firm
Host: https://mozilla.cloudflare-dns.com
Path: /dns-query

Issue detail
The response states that the content type is application/dns-message. However, it actually appears to contain unrecognized content. If the URL path can be manipulated to end with ".html", the following browsers may interpret the response as HTML:
Internet Explorer 11
Internet Explorer 11 (Compatibility Mode)

Flags: needinfo?(excellentramlal2000)

Dragana, do you know where a possible issue with https://mozilla.cloudflare-dns.com should be reported? Thanks.

Component: Top Sites → Untriaged
Flags: needinfo?(dd.mozilla)
Summary: content type incorrectly stated → incorrect content type on mozilla.cloudflare-dns.com

This is not a Mozilla-run server; this is a Cloudflare-run server. https://developers.cloudflare.com/1.1.1.1/privacy/cloudflare-resolver-firefox/ (it's not 1.1.1.1, obviously, but it's the same protocol set up with specific privacy guarantees as per an agreement between the two companies).

The server returns responses compliant with the DNS-over-HTTPS (DoH) spec as sent by Cloudflare and interpreted correctly by Firefox and other DoH clients. It is extremely unlikely that the returned content is in the wrong format since Mozilla and Cloudflare collaborated closely in the specification and did years of interoperability testing. https://datatracker.ietf.org/doc/html/rfc8484 Perhaps your tool is misunderstanding HTTP/2 responses?

You offer no evidence the URL or the contents of the returned data can be manipulated in the described way. A valid DNS query would not end in ".html", and a GET request that did should return an error. If you can, I'm sure Cloudflare would like to learn about it.

Group: firefox-core-security
Status: UNCONFIRMED → RESOLVED
Closed: 3 years ago
Resolution: --- → INVALID
Flags: needinfo?(dd.mozilla)
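
A way to check the point made in the closing comment, as an added example that is not part of the original bug thread and is not Mozilla's or Cloudflare's code: an RFC 8484 `application/dns-message` body is binary DNS wire format, which a generic scanner can report as unrecognized content even though it matches its Content-Type. The response bytes below are constructed sample data, and all function names are hypothetical.

```python
import base64
import struct

def build_query(name: str, qtype: int = 1) -> bytes:
    """Minimal DNS query in wire format; ID 0 as RFC 8484 recommends for caching."""
    header = struct.pack("!6H", 0, 0x0100, 1, 0, 0, 0)  # RD flag, one question
    parts = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"
    return header + qname + struct.pack("!2H", qtype, 1)  # class IN

def doh_get_path(query: bytes, path: str = "/dns-query") -> str:
    """RFC 8484 GET form: the message as unpadded base64url in the 'dns' parameter."""
    return path + "?dns=" + base64.urlsafe_b64encode(query).rstrip(b"=").decode()

def parse_dns_message(body: bytes) -> dict:
    """Decode the header and first question; ValueError means 'not a DNS message'."""
    if len(body) < 12:
        raise ValueError("shorter than the 12-byte DNS header")
    ident, flags, qd, an, _ns, _ar = struct.unpack("!6H", body[:12])
    if qd != 1:
        raise ValueError("expected exactly one question")
    pos, labels = 12, []
    while pos < len(body) and body[pos] != 0:
        n = body[pos]
        if n > 63 or pos + 1 + n > len(body):
            raise ValueError("invalid label length")
        labels.append(body[pos + 1:pos + 1 + n].decode("ascii", "replace"))
        pos += 1 + n
    if pos + 5 > len(body):  # root label byte plus QTYPE and QCLASS
        raise ValueError("truncated question")
    qtype, _qclass = struct.unpack("!2H", body[pos + 1:pos + 5])
    return {"id": ident, "qr": flags >> 15, "rcode": flags & 0xF,
            "ancount": an, "qname": ".".join(labels), "qtype": qtype}

def body_matches_content_type(content_type: str, body: bytes) -> bool:
    """True when the header says DoH and the body really parses as a DNS message."""
    if content_type.split(";")[0].strip().lower() != "application/dns-message":
        return False
    try:
        parse_dns_message(body)
    except ValueError:
        return False
    return True

# Constructed sample response: the question echoed with QR/RA set plus one A record.
SAMPLE_RESPONSE = (struct.pack("!6H", 0, 0x8180, 1, 1, 0, 0) + build_query("www.example.com")[12:]
                   + b"\xc0\x0c" + struct.pack("!2HIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1]))
```

When triaging a scanner finding like the one reported here, run the captured response body through `body_matches_content_type` before treating the Content-Type as wrong.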