Chunked Transfer Encoding and Extended Runtime Protection

We recently added support to NanoVMs Radar that allows customers access to real-time data for additional runtime protection. In the course of adding that we had to update our relatively naive http client that is used in the cloud_init klib. The cloud_init klib allows you to do certain things like check into a metadata server or download env information from a secret store.

This change now allows chunked transfer encoding.

What is Chunked Transfer Encoding

Chunked transfer encoding is a feature of http 1.1. It allows you to stream "chunks" of data preceded by a size instead of relying on the traditional Content-Length header. So imagine you might want to download a video. We already know it's large but instead of having to buffer the entire video into memory on the server side we can instead start streaming it immediately and shipping it off in chunks.

The simplest way to see if your endpoint might be using chunked transfer encoding is to tell curl to default to http1.1 and show the response headers:

➜  ~ curl -I -XGET --http1.1 -H https://host.com/endpoint
HTTP/1.1 200 OK
Date: Mon, 22 Jun 2026 23:45:40 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked

A typical response might look like the following:

5\r\n
Hello\r\n
5\r\n
World\r\n
0\r\n
\r\n

You'll see we set the final chunk to size zero.

If you don't specify http 1.1 you might see that it tries to respond with http/2 or http/3 which is fine but doesn't do chunked transfer encoding as they deal with data streaming differently.

There are a few other directives one might use with transfer-encoding including compress, deflate and gzip.

Extended Runtime Protection

As part of our new extended runtime protection package we use this in radar to block bots, spam, malware and other associated garbage. We also have a lot of other things in the works so if you're interested in this please reach out.

If you're a Radar customer you can get acesss to this immediately by setting this in your config:

{
 "ManifestPassthrough": {
    "firewall": {
      "dynamic_rules":["radar"]
    }
  },
  "Env": {
    "RADAR_KEY": "my_radar_api_key"
  }
}

Stop Deploying 50 Year Old Systems

Introducing the future cloud.

Ready for the future cloud?

Ready for the revolution in operating systems we've all been waiting for?

Schedule a Demo