Honglin Wu

What I mean by this was that the server would be better off rejecting such a request, or closing the connection with an error after processing, as according to the...

Thank you for your response. I understand the concern about edge cases like `GET https:// HTTP/1.0\r\nHost: evil.example\r\n\r\n`. My initial intention was just to highlight that when a valid absolute-form request-target...

Hello, I have the following finding. I deployed a proxy server (Apache, running on http://localhost:80) in front of Gunicorn to forward HTTP requests to Gunicorn. In my test, Apache strictly...

Hello. The RFC clearly states that a server MUST reject a `CONNECT` request that **targets an empty or invalid port number**. Even if Gunicorn allows the application to decide whether...

Hello, my above explanation is not rigorous enough. Here is my new explanation. RFC 9112 says this: > A server MUST reject a `CONNECT` request that targets an empty or...

Sorry I may have bothered. What I want to express is that according to RFC 9112 I mentioned before: > The request method is case-sensitive. HTTP request methods should be...