dnsdist: default set "Connection: close" header for web requests

diff --git a/pdns/dnsdist-web.cc b/pdns/dnsdist-web.cc
index 8cee0f379fde7cae06f98f698d094610a586c6ec..998af91e4c86e26587d8e2afd709dfdb42911810 100644 (file)
--- a/pdns/dnsdist-web.cc
+++ b/pdns/dnsdist-web.cc
@@ -194,6 +194,7 @@ static void addSecurityHeaders(YaHTTP::Response& resp, const boost::optional<std
     { "X-Permitted-Cross-Domain-Policies", "none" },
     { "X-XSS-Protection", "1; mode=block" },
     { "Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline'" },
+    { "Connection", "close" },
   };
 
   for (const auto& h : headers) {

diff --git a/pdns/dnsdistdist/docs/guides/webserver.rst b/pdns/dnsdistdist/docs/guides/webserver.rst
index 367347a6ee069721374c56bb975a21bef8bb88a0..c36f8f392ed44c2e25babde81e1c3c22750b28b9 100644 (file)
--- a/pdns/dnsdistdist/docs/guides/webserver.rst
+++ b/pdns/dnsdistdist/docs/guides/webserver.rst
@@ -21,6 +21,7 @@ By default, our web server sends some security-related headers::
    X-Permitted-Cross-Domain-Policies: none
    X-XSS-Protection: 1; mode=block
    Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline'
+   Connection: close
 
 You can override those headers, or add custom headers by using the last parameter to :func:`webserver`.
 For example, to remove the X-Frame-Options header and add a X-Custom one:
@@ -64,6 +65,7 @@ URL Endpoints
 
       HTTP/1.1 200 OK
       Transfer-Encoding: chunked
+      Connection: close
       Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline'
       Content-Type: application/json
       X-Content-Type-Options: nosniff
@@ -86,6 +88,7 @@ URL Endpoints
 
       HTTP/1.1 200 OK
       Transfer-Encoding: chunked
+      Connection: close
       Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline'
       Content-Type: application/json
       X-Content-Type-Options: nosniff