From e19250dc9942ccea673ad4caadd6874d1e2aca18 Mon Sep 17 00:00:00 2001
From: Star Brilliant <coder@poorlab.com>
Date: Mon, 2 Jul 2018 17:49:34 +0800
Subject: [PATCH] Workaround a bug causing Firefox 61-62 to reject responses
 with Content-Type = application/dns-message

---
 doh-server/ietf.go | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)

diff --git a/doh-server/ietf.go b/doh-server/ietf.go
index 9ca39f3..5aaedf8 100644
--- a/doh-server/ietf.go
+++ b/doh-server/ietf.go
@@ -31,6 +31,7 @@ import (
 	"log"
 	"net/http"
 	"strconv"
+	"strings"
 	"time"
 
 	"github.com/m13253/dns-over-https/json-dns"
@@ -62,7 +63,7 @@ func (s *Server) parseRequestIETF(w http.ResponseWriter, r *http.Request) *DNSRe
 		}
 	}
 
-	if s.patchDNSCryptProxyReqID(requestBinary, w) {
+	if s.patchDNSCryptProxyReqID(w, r, requestBinary) {
 		return &DNSRequest{
 			errcode: 444,
 		}
@@ -166,6 +167,9 @@ func (s *Server) generateResponseIETF(w http.ResponseWriter, r *http.Request, re
 		}
 		w.Header().Set("Expires", respJSON.EarliestExpires.Format(http.TimeFormat))
 	}
+
+	_ = s.patchFirefoxContentType(w, r)
+
 	if respJSON.Status == dns.RcodeServerFailure {
 		w.WriteHeader(503)
 	}
@@ -173,8 +177,8 @@ func (s *Server) generateResponseIETF(w http.ResponseWriter, r *http.Request, re
 }
 
 // Workaround a bug causing DNSCrypt-Proxy to expect a response with TransactionID = 0xcafe
-func (s *Server) patchDNSCryptProxyReqID(requestBinary []byte, w http.ResponseWriter) bool {
-	if bytes.Equal(requestBinary, []byte("\xca\xfe\x01\x00\x00\x01\x00\x00\x00\x00\x00\x01\x00\x00\x02\x00\x01\x00\x00\x29\x10\x00\x00\x00\x80\x00\x00\x00")) {
+func (s *Server) patchDNSCryptProxyReqID(w http.ResponseWriter, r *http.Request, requestBinary []byte) bool {
+	if strings.Contains(r.UserAgent(), "dnscrypt-proxy") && bytes.Equal(requestBinary, []byte("\xca\xfe\x01\x00\x00\x01\x00\x00\x00\x00\x00\x01\x00\x00\x02\x00\x01\x00\x00\x29\x10\x00\x00\x00\x80\x00\x00\x00")) {
 		log.Println("DNSCrypt-Proxy detected. Patching response.")
 		w.Header().Set("Content-Type", "application/dns-message")
 		now := time.Now().UTC().Format(http.TimeFormat)
@@ -184,3 +188,12 @@ func (s *Server) patchDNSCryptProxyReqID(requestBinary []byte, w http.ResponseWr
 	}
 	return false
 }
+
+// Workaround a bug causing Firefox 61-62 to reject responses with Content-Type = application/dns-message
+func (s *Server) patchFirefoxContentType(w http.ResponseWriter, r *http.Request) bool {
+	if strings.Contains(r.UserAgent(), "Firefox") && strings.Contains(r.Header.Get("Accept"), "application/dns-udpwireformat") && !strings.Contains(r.Header.Get("Accept"), "application/dns-message") {
+		w.Header().Set("Content-Type", "application/dns-udpwireformat")
+		return true
+	}
+	return false
+}