Mercurial > hg > nginx
diff conf/uwsgi_params @ 9242:ddcedfa3a809
HTTP: just one empty line now accepted when parsing request line.
This ensures that multiple CRLFs cannot be used as a DoS vector, and also
in line with RFC 9112 ("SHOULD ignore at least one empty line"). Further,
bare CRs are no longer accepted.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Sat, 30 Mar 2024 05:10:40 +0300 |
parents | 62869a9b2e7d |
children |