Join GitHub today
GitHub is home to over 36 million developers working together to host and review code, manage projects, and build software together.Sign up
net/http: support multiple identical Content-Length headers #16490
Please answer these questions before submitting your issue. Thanks!
I expected http response.
http: message cannot contain multiple Content-Length headers
Added check -> net/http: harden Server against request smuggling
The check as is doesn't allow the optional response of multiple Content-Length headers as long as they match.
If a message is received that has multiple Content-Length header
Proposed alteration to check allowing duplicate Content-Length headers:
Example response header from vendor tools:
< HTTP/1.1 200 Ok