[bun] Don't allow `Transfer-Encoding` header

author: Jarred Sumner <jarred@jarredsumner.com> 2022-04-04 00:58:26 -0700
committer: Jarred Sumner <jarred@jarredsumner.com> 2022-04-04 00:58:26 -0700
commit: a9f0d334bbafdaa81f67aecdc683929faa575e00 (patch)
tree: 4d8fa0d50d6da84cb5413496ee8f4d2470c68b88
parent: cee3783e58e61d2f2a3f59b30afe7712ab0edb34 (diff)
download: bun-a9f0d334bbafdaa81f67aecdc683929faa575e00.tar.gz
bun-a9f0d334bbafdaa81f67aecdc683929faa575e00.tar.zst
bun-a9f0d334bbafdaa81f67aecdc683929faa575e00.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/src/javascript/jsc/api/server.zig b/src/javascript/jsc/api/server.zig
index 81031d5d0..c3380cbe3 100644
--- a/src/javascript/jsc/api/server.zig
+++ b/src/javascript/jsc/api/server.zig
@@ -548,6 +548,8 @@ fn NewRequestContext(comptime ssl_enabled: bool, comptime debug_mode: bool, comp
             headers: *JSC.FetchHeaders,
         ) void {
             headers.remove(&ZigString.init("content-length"));
+            headers.remove(&ZigString.init("transfer-encoding"));
+            if (!ssl_enabled) headers.remove(&ZigString.init("strict-transport-security"));
             headers.toUWSResponse(ssl_enabled, this.resp);
         }
author	Jarred Sumner <jarred@jarredsumner.com>	2022-04-04 00:58:26 -0700
committer	Jarred Sumner <jarred@jarredsumner.com>	2022-04-04 00:58:26 -0700
commit	a9f0d334bbafdaa81f67aecdc683929faa575e00 (patch)
tree	4d8fa0d50d6da84cb5413496ee8f4d2470c68b88
parent	cee3783e58e61d2f2a3f59b30afe7712ab0edb34 (diff)
download	bun-a9f0d334bbafdaa81f67aecdc683929faa575e00.tar.gz bun-a9f0d334bbafdaa81f67aecdc683929faa575e00.tar.zst bun-a9f0d334bbafdaa81f67aecdc683929faa575e00.zip