From 6ba2e88a642434bd0ffa95465e4a7d034d03ea10 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Thu, 23 Apr 2015 15:58:21 +0200
Subject: CURLOPT_HEADEROPT: default to separate

Make the HTTP headers separated by default for improved security and
reduced risk for information leakage.

Bug: http://curl.haxx.se/docs/adv_20150429.html
Reported-by: Yehezkel Horowitz, Oren Souroujon
---
 lib/url.c | 1 +
 1 file changed, 1 insertion(+)

(limited to 'lib')

diff --git a/lib/url.c b/lib/url.c
index dfd2ff4c5..717ee93fc 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -617,6 +617,7 @@ CURLcode Curl_init_userdefined(struct UserDefined *set)
   set->ssl_enable_alpn = TRUE;
 
   set->expect_100_timeout = 1000L; /* Wait for a second by default. */
+  set->sep_headers = TRUE; /* separated header lists by default */
   return result;
 }
 
-- 
cgit v1.2.3