An external audit of our APIs has revelled that we're vulnerable to an
HTTP Request Smuggling attack, where a maliciously crafted request
contains both a Content-Length and Transfer-Encoding:Chunked header, or
two Content-Length headers. This can res...