From 7b014082ab5772a588f50708d758500db10fbbb3 Mon Sep 17 00:00:00 2001
From: Ainar Garipov <a.garipov@adguard.com>
Date: Thu, 11 Feb 2021 18:40:14 +0300
Subject: [PATCH] Pull request: home: set vary hdr to origin

Merge in DNS/adguard-home from 2658-vary-origin to master

Updates #2658.

Squashed commit of the following:

commit b4bf6c16e19f1c0b04cc2e526e2b0968956cf56c
Author: Ainar Garipov <A.Garipov@AdGuard.COM>
Date:   Thu Feb 11 18:18:32 2021 +0300

    all: doc changes

commit f2599c5b48759565e2f621c2fcf89440de56e4a4
Merge: 3eb08ac8 6b8a46ef
Author: Ainar Garipov <A.Garipov@AdGuard.COM>
Date:   Thu Feb 11 18:16:53 2021 +0300

    Merge branch 'master' into 2658-vary-origin

commit 3eb08ac889163d123b5ca638a83a9289b456d04e
Author: Ainar Garipov <A.Garipov@AdGuard.COM>
Date:   Thu Feb 11 18:04:04 2021 +0300

    home: set vary hdr to origin
---
 CHANGELOG.md             | 4 ++++
 internal/home/control.go | 5 ++++-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index bfae45f1..f1e8d9c8 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -26,10 +26,14 @@ and this project adheres to
 
 ### Fixed
 
+- The `Vary` header is now added along with `Access-Control-Allow-Origin` to
+  prevent cache-related and other issues in browsers ([#2658]).
+  domain, but with an HTTP scheme as opposed to `*` ([#2484]).
 - The request body size limit is now set for HTTPS requests as well.
 - Incorrect version tag in the Docker release ([#2663]).
 - DNSCrypt queries weren't marked as such in logs ([#2662]).
 
+[#2658]: https://github.com/AdguardTeam/AdGuardHome/issues/2658
 [#2662]: https://github.com/AdguardTeam/AdGuardHome/issues/2662
 [#2663]: https://github.com/AdguardTeam/AdGuardHome/issues/2663
 [#2664]: https://github.com/AdguardTeam/AdGuardHome/issues/2664
diff --git a/internal/home/control.go b/internal/home/control.go
index 71bf52e5..19876b12 100644
--- a/internal/home/control.go
+++ b/internal/home/control.go
@@ -251,12 +251,15 @@ func handleHTTPSRedirect(w http.ResponseWriter, r *http.Request) (ok bool) {
 
 	// Allow the frontend from the HTTP origin to send requests to the HTTPS
 	// server.  This can happen when the user has just set up HTTPS with
-	// redirects.
+	// redirects.  Prevent cache-related errors by setting the Vary header.
+	//
+	// See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin.
 	originURL := &url.URL{
 		Scheme: "http",
 		Host:   r.Host,
 	}
 	w.Header().Set("Access-Control-Allow-Origin", originURL.String())
+	w.Header().Set("Vary", "Origin")
 
 	return true
 }