Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

http09: disable HTTP/0.9 by default in both tool and library #4191

Closed
wants to merge 2 commits into from

Conversation

@bagder
Copy link
Member

bagder commented Aug 5, 2019

As the plan has been laid out in DEPRECATED. Update docs accordingly and
verify in test 1174.

As the plan has been laid out in DEPRECATED. Update docs accordingly and
verify in test 1174.
@bagder bagder added the HTTP label Aug 5, 2019
@jay

This comment has been minimized.

Copy link
Member

jay commented Aug 5, 2019

What's the potential security risk that you referred to in the doc?

@bagder

This comment has been minimized.

Copy link
Member Author

bagder commented Aug 5, 2019

The risk is that someone can point the URL to something completely different that isn't even a HTTP server and curl will return contents thinking it is HTTP.

@bagder bagder closed this in a42b095 Aug 5, 2019
@bagder bagder deleted the bagder/http09-default-off branch Aug 5, 2019
@lock lock bot locked as resolved and limited conversation to collaborators Nov 3, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
2 participants
You can’t perform that action at this time.