From a9f0d334bbafdaa81f67aecdc683929faa575e00 Mon Sep 17 00:00:00 2001
From: Jarred Sumner
Date: Mon, 4 Apr 2022 00:58:26 -0700
Subject: [PATCH] [bun] Don't allow `Transfer-Encoding` header
---
 src/javascript/jsc/api/server.zig | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/src/javascript/jsc/api/server.zig b/src/javascript/jsc/api/server.zig
index 81031d5d0d..c3380cbe34 100644
--- a/src/javascript/jsc/api/server.zig
+++ b/src/javascript/jsc/api/server.zig
@@ -548,6 +548,8 @@ fn NewRequestContext(comptime ssl_enabled: bool, comptime debug_mode: bool, comp
 headers: *JSC.FetchHeaders,
 ) void {
 headers.remove(&ZigString.init("content-length"));
+ headers.remove(&ZigString.init("transfer-encoding"));
+
 if (!ssl_enabled) headers.remove(&ZigString.init("strict-transport-security"));
 headers.toUWSResponse(ssl_enabled, this.resp);
 }
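Review bot: The added `headers.remove(&ZigString.init("transfer-encoding"));` drops a handler-supplied framing header silently and without a comment saying why, and the reason is worth recording next to the `content-length` removal above it: a response whose framing headers disagree with the bytes actually written can be parsed differently by an intermediary and by the client. Assuming the response writer behind `toUWSResponse` sets framing itself (the hunk does not show this), I would add above the removals `// Framing headers are set by the response writer; drop handler-supplied content-length / transfer-encoding so they cannot contradict it.` The lookup is keyed on a lowercase literal and whether `remove` matches names case-insensitively is not visible here, so a test that sets `Transfer-Encoding: chunked` in mixed case on a response and asserts it is absent from the emitted headers would pin the behaviour. The enclosing function's signature starts before the hunk.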