HTTP/1.1 must die: the desync endgame

Abstract Upstream HTTP/1.1 is inherently insecure and regularly exposes millions of websites to hostile takeover. Six years of attempted mitigations have hidden the issue, but failed to fix it. This p

<hr>
<p><small>文章来源: <a href="https://portswigger.net/research/http1-must-die" target="_blank">https://portswigger.net/research/http1-must-die</a></small></p>