At 02:34 AM 6/23/2005, jean-frederic clere wrote: >Once the patch applied we lose the information that the request was >"incorrect". >That means we won't be able to choose in proxy between sending C-L (and >dechunk) and T-E.
s/request/response/ The point was, if one were to exploit the origin server to inject a fake T-E, and the C-L is legit, we can't catch it. Suggesting (to me) that it's better to insist on strictly conformant responses from origin servers, which are an entirely different beast than clients. But since there are (undoubtedly) bad origin servers out there, we would likely need to make this a configuration choice, not an absolute rule. After all, they are using Apache to front end their buggy/vulnerable backend servers out there :) Bill
