undefined | Better HN

0 pointsMobiusHorizons1y ago0 comments

If you expect to be behind a reverse proxy that manages internal headers for you (removes them on incoming requests, and adds them based on internal criteria) then accepting bare 0x0a newlines could be a security vulnerability, as a malicious request could sneak an internal header that would not be stripped by the reverse proxy.

0 comments

Smar1y ago

Only in the case the reverse proxy does not handle bare 0a newlines?

j / k navigate · click thread line to collapse

0 pointsMobiusHorizons1y ago0 comments

0 comments

Smar1y ago

Only in the case the reverse proxy does not handle bare 0a newlines?

j / k navigate · click thread line to collapse