Skip Navigation
Asshole Design (web edition) @infosec.pub freedomPusher @sopuli.xyz

(Github) withholds content-length from HTTP headers so you cannot know the size of a tarball before fetching

A software package was released as a tarball, but if it’s not listed in the releases (which gives the size) you’re stuffed if you need to know the size before downloading because curl -LI $url gives content-length: 0.

0
0 comments