mike amundsen wrote:
I agree w/ Kris:Limiting HTTP headers is a real problem. I see no reason for this. Certainly not for security reasons.
How can you know that it is safe to send any header to any server? Note that no access checks are done before sending GET requests, so allowing any header there seems like it has great potential to have undesired effects on servers.
/ Jonas
