Jeremiah Senkpiel
Jeremiah Senkpiel
Oh. I think this is a libcurl / isahc problem, it seems familiar. @Firstyear try using this in your `Cargo.toml`: ```toml surf = { version = "2.3", default-features = false,...
We may want to report that to the [isahc repo](https://github.com/sagebind/isahc/issues), but note that [we run 0.9 instead of 1.x](https://github.com/http-rs/http-client/blob/3c0ed9a2f350749f48f579867139dd9e3afdf182/Cargo.toml#L63)
@Firstyear We probably need to introduce versioned feature flags ... Please report this to Isahc, yeah
The issue you are describing seems like it's an api shortcoming of how isahc works with the `http` crate... The problem stems from the interactions of this api: https://docs.rs/http/0.2.4/http/request/struct.Builder.html#method.body I...
Could someone check if this patch fixes the issue? https://github.com/http-rs/http-client/pull/97 (Edit: original patch was wrong, should be good now.)
Regarding isahc 0.9 vs 1.x - we ("we" as in who ever did this at the time, who was not _really_ me (i.e. pre 2.x)) messed up and made feature...
async-h1 is a [**_HTTP 1.1_** parser](https://docs.rs/async-h1/2.3.1/async_h1/). ~~Opt-in HTTP 1.0 support was recently-ish merged however, but you'll need to set that up yourself: https://github.com/http-rs/async-h1/pull/170~~ That is server-only, there is no client...
(Note, this is barely over 1% of websites.) It's of low importance to newer HTTP clients, but we may have an option to support it depending what implications it has.
[This is DDOS prevention.](https://github.com/http-rs/async-h1/blob/9993b0475ff8909f15907909aefa7e6f8d631732/src/client/decode.rs#L34) See also https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/#denial-of-service-with-large-http-headers-cve-2018-12121 Perhaps this could be configurable, but seems of marginal importance.
is this semver-major?