Yeah, that’s nuts and is obviously flawed behaviour that can interact poorly with any number of things - not least of all any kind of checksums within the response.
I’m surprised to see that in a RFC.
Edit: it’s only for the cache key:
> Note that any such normalization is performed solely for the purpose of generating a cache key; it does not change the request itself.
Still super dangerous.
Edit edit: I just typed out a long message on the GitHub issue tracker for this, but submitting it errored and I’ve lost all the content. Urgh
I’m surprised to see that in a RFC.
Edit: it’s only for the cache key:
> Note that any such normalization is performed solely for the purpose of generating a cache key; it does not change the request itself.
Still super dangerous.
Edit edit: I just typed out a long message on the GitHub issue tracker for this, but submitting it errored and I’ve lost all the content. Urgh