Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

http09: disable HTTP/0.9 by default in both tool and library #4191

Closed
wants to merge 2 commits into from

Conversation

bagder
Copy link
Member

@bagder bagder commented Aug 5, 2019

As the plan has been laid out in DEPRECATED. Update docs accordingly and
verify in test 1174.

As the plan has been laid out in DEPRECATED. Update docs accordingly and
verify in test 1174.
@bagder bagder added the HTTP label Aug 5, 2019
@jay
Copy link
Member

jay commented Aug 5, 2019

What's the potential security risk that you referred to in the doc?

@bagder
Copy link
Member Author

bagder commented Aug 5, 2019

The risk is that someone can point the URL to something completely different that isn't even a HTTP server and curl will return contents thinking it is HTTP.

@bagder bagder closed this in a42b095 Aug 5, 2019
@bagder bagder deleted the bagder/http09-default-off branch August 5, 2019 22:09
@lock lock bot locked as resolved and limited conversation to collaborators Nov 3, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
Development

Successfully merging this pull request may close these issues.

None yet

2 participants