mirror/nginx
1
0
Fork 0
mirror of https://github.com/nginx/nginx.git synced 2024-11-24 04:49:01 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

Removed "Transfer-Encoding: identity" support.

Browse Source 
The "identity" transfer coding has been removed in RFC 7230.  It is
believed that it is not used in real life, and at the same time it
provides a potential attack vector.
This commit is contained in:
Maxim Dounin 2020-02-20 16:19:34 +03:00
parent e64d798edb
commit b4d6b70d7f
1 changed files with 1 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/http/ngx_http_request.c
View File

@ -1952,10 +1952,7 @@ ngx_http_process_request_header(ngx_http_request_t *r)
r->headers_in.content_length_n = -1;
r->headers_in.chunked = 1;
} else if (r->headers_in.transfer_encoding->value.len != 8
|| ngx_strncasecmp(r->headers_in.transfer_encoding->value.data,
(u_char *) "identity", 8) != 0)
{
} else {
ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,
"client sent unknown \"Transfer-Encoding\": \"%V\"",
&r->headers_in.transfer_encoding->value);