]> git.kaiwu.me - nginx.git/commit
Disabled HTTP/1.0 requests with Transfer-Encoding.
authorSergey Kandaurov <pluknet@nginx.com>
Mon, 9 Aug 2021 15:12:12 +0000 (18:12 +0300)
committerSergey Kandaurov <pluknet@nginx.com>
Mon, 9 Aug 2021 15:12:12 +0000 (18:12 +0300)
commit7bcb50c0610a18bf43bef0062b2d2dc550823b53
treec780c95190f6db507cf676420d9c4c83cfe8f108
parent02bd43d05b6f7803597d8453d9848b767dc4a323
Disabled HTTP/1.0 requests with Transfer-Encoding.

The latest HTTP/1.1 draft describes Transfer-Encoding in HTTP/1.0 as having
potentially faulty message framing as that could have been forwarded without
handling of the chunked encoding, and forbids processing subsequest requests
over that connection: https://github.com/httpwg/http-core/issues/879.

While handling of such requests is permitted, the most secure approach seems
to reject them.
src/http/ngx_http_request.c