Posts tagged http3.

We built our own HTTP engine from scratch. No normalisation, no typed header map, no helpfulness at all, because a well-behaved client quietly fixes the exact malformations you need to send. Here is what Keith is, and why we changed our minds about open-sourcing it.

HTTP/3 request smuggling is almost unploughed ground. Not because the surface is small, but because nearly every tool speaks h1/h2 only, and the few that speak h3 do it through a conformant QUIC library that won't let you send the bug.