commit | 1acbef181d4675565c76b313d3cc14a5f0302703 | [log] [tgz] |
---|---|---|
author | Maxim Dounin <mdounin@mdounin.ru> | Mon Jun 28 18:01:06 2021 +0300 |
committer | Maxim Dounin <mdounin@mdounin.ru> | Mon Jun 28 18:01:06 2021 +0300 |
tree | bd21103b535e3375e2e91aa789d1dd8aa0d13f4e | |
parent | 12790af93730924f04993d25bd232a5ff6a58d76 [diff] |
Disabled requests with both Content-Length and Transfer-Encoding. HTTP clients are not allowed to generate such requests since Transfer-Encoding introduction in RFC 2068, and they are not expected to appear in practice except in attempts to perform a request smuggling attack. While handling of such requests is strictly defined, the most secure approach seems to reject them.