net/http: support multiple identical Content-Length headers #16490
Please answer these questions before submitting your issue. Thanks!
I expected http response.
http: message cannot contain multiple Content-Length headers
Added check -> net/http: harden Server against request smuggling
The check as is doesn't allow the optional response of multiple Content-Length headers as long as they match.
If a message is received that has multiple Content-Length header
Proposed alteration to check allowing duplicate Content-Length headers:
Example response header from vendor tools:
< HTTP/1.1 200 Ok
The text was updated successfully, but these errors were encountered: