OLS ignores unrecognized transfer encodings #396

Open
kenballus opened this issue Jun 28, 2024 · 1 comment

kenballus commented Jun 28, 2024

When OLS receives a message with an unrecognized Transfer-Encoding value, it is ignored. This is dangerous because the Transfer-Encoding header affects message framing, so there is little certainty that received messages with unrecognized transfer codings are interpreted correctly.

RFC 9112 suggests that implementations respond 501 to unrecognized transfer codings:

A server that receives a request message with a transfer coding it does not understand SHOULD respond with 501 (Not Implemented).

Nearly all other HTTP implementations (including AIOHTTP, Apache httpd, Cheroot, Daphne, Deno, FastHTTP, Go net/http, Gunicorn, H2O, HAProxy, Hyper, Hypercorn, Jetty, Libsoup, Lighttpd, Mongoose, Nginx, Node.js, Passenger, Puma, Tomcat, Tornado, Uvicorn, Waitress, WEBrick, Apache Traffic Server, nghttpx, Pound, Squid, Varnish, Akamai, Cloudflare, Google Classic App. LB, Envoy, and relayd) follow this advice, and OLS probably should too.
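
The framing difference described in this issue, as an added example that is not part of the original report and is not OpenLiteSpeed code. All function names, the `SUPPORTED` set and the sample request are assumptions, and `lenient_framing` assumes that an ignored coding means falling back to Content-Length:

```python
# Added illustration; not OpenLiteSpeed code. All names here are assumptions.
SUPPORTED = {"chunked"}  # transfer codings this hypothetical server implements

# Constructed sample request head with a transfer coding the server does not know.
SAMPLE = (b"POST /upload HTTP/1.1\r\nHost: example.test\r\n"
          b"Transfer-Encoding: bogus\r\nContent-Length: 5\r\n\r\n")


def parse_fields(head: bytes) -> dict:
    """Map lowercased header names to the list of values seen for each."""
    fields = {}
    for line in head.split(b"\r\n")[1:]:       # skip the request line
        if not line:
            break                               # blank line ends the header section
        name, _, value = line.partition(b":")
        fields.setdefault(name.decode("ascii").lower(), []).append(
            value.decode("ascii").strip(" \t"))
    return fields


def transfer_codings(fields: dict) -> list:
    """Flatten every Transfer-Encoding line into one ordered list of coding names."""
    items = ",".join(fields.get("transfer-encoding", [])).split(",")
    return [t for t in (i.split(";")[0].strip(" \t").lower() for i in items) if t]


def fallback(fields: dict) -> tuple:
    """Framing when no transfer coding applies: Content-Length, else no body."""
    lengths = fields.get("content-length", [])
    return (200, "content-length=" + lengths[0]) if lengths else (200, "no-body")


def lenient_framing(head: bytes) -> tuple:
    """Model of the reported behaviour: an unrecognized coding is ignored."""
    fields = parse_fields(head)
    if transfer_codings(fields) == ["chunked"]:
        return 200, "chunked"
    return fallback(fields)                     # body length is now a guess


def strict_framing(head: bytes) -> tuple:
    """Refuse to guess: 501 for an unknown coding, as RFC 9112 recommends."""
    fields = parse_fields(head)
    if "transfer-encoding" not in fields:
        return fallback(fields)
    codings = transfer_codings(fields)
    if any(c not in SUPPORTED for c in codings):
        return 501, None                        # Not Implemented
    if codings != ["chunked"]:
        return 400, None                        # empty value or repeated chunked
    return 200, "chunked"
```

On `SAMPLE`, the lenient model accepts the request and frames it by Content-Length, while the strict check answers 501 before any body bytes are interpreted.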

@litespeedtech
Owner

should be fixed in 1.8.2
