Note
- This question is about requests with the
Transfer-Encodingheader, not responses - Yes, requests can use the
Transfer-Encodingheader - One could implement a web browser that does anything, but for the purposes of this question, please limit the definition of "web browser" to Google Chrome, Mozilla Firefox, Microsoft Edge, and Apple Safari.
Background
- For
XMLHttpRequest,Transfer-Encodingis a forbidden header name - For
fetch,Transfer-Encodingis a forbidden header name - For links or forms in HTML, there is no explicit reference to
Transfer-Encodingin [the HTML standard] (https://html.spec.whatwg.org/) - It's not an authoritative source, but the PortSwigger article on request smuggling states that "Browsers do not normally use chunked encoding in requests, and it is normally seen only in server responses."
- The only reference I've been able to find that might use
Transfer-Encodingis Chrome-specific, is behind an experimental flag, and requires a second, non-standard flag to enable it for HTTP/1.1
Question
- Is there a case (or cases) where a web browser will make a request with the
Transfer-Encodingheader?
I have been researching this topic recently and my understanding is that this is currently not supported by any major browser, but it is work-in-process.
The Chrome experiment is a first try to see how it will play out in web-world as it seems there are quite some edge cases that could go wrong with the complex web infrastructure there is out there (load balancers, proxies etc).
The main source I have been reading up on this is this
fetch's issue about readable stream support, that I recommend to read about if you are interested.