Cleanup / fix delegated routing response headers

[byo]

• Always send X-Content-Type-Options: nosniff to prevent detection of content type
• Add Vary: Accept to inform clients that the response depends on the Accept header
• Fix Allow header when invalid method was used
• Always send 404 Not found with text/plain content type
• Always send the Cache-control: public header

[nymd]

Worth addressing? but not a blocker

[nymd]

Maybe max-age is a good addition as well so we are specific about acceptable staleness.

[lidel]

fysa specs for /routing/v1 have some suggested values to work well with HTTP caches https://specs.ipfs.tech/routing/http-routing-v1/#response-headers

[byo]

Yes, will extend the PR. But that's something to be easily configured through env vars, and with both max-age and s-maxage so that we can easily control cacheability on both the front cache and clients.

What I would like to avoid is for the client to aggressively cache 404 not-found responses. If that happens then we have no way of purging that cache. So what I believe would be a good solution is:

• For 200 respones use max-age with the same TTL as what is configured in cloudfront ATM, specify s-maxage to the same value
• For 404 responses do not specify max-age but set s-maxage to the value that is configured as defaultTTL for 404 error response in cloudfront. This should result in client re-querying for the data on every subsequent request, but cloudfront would still keep this in cache protecting our backend from too much traffic.

[byo]

@lidel thanks, will take a look at this as well