On Aug 5, 2016 3:43 PM, "William A Rowe Jr" <[email protected]> wrote: > > Our strict mode parsing still permits simple "\n" line termination rather than the CRLF as defined by spec. Here again, I can't find a security or integrity issue. > > In neither case do we send bad data as request headers to a backend or bad data in a response.
RFC7230 3.5 provided the answer, no issue here since we don't propagate the legacy behavior in our own requests or responses.
