cesanta / mongoose

Embedded Web Server

Home Page: https://mongoose.ws

Chunked message body incorrectly terminated on `\r\n\r\n` instead of `0\r\n\r\n`

kenballus opened this issue · comments

A chunked HTTP message body is terminated with a 0-length chunk (i.e. something like `0\r\n\r\n`). Mongoose will terminate message bodies even with a chunk having no length at all (i.e. `\r\n\r\n`).

To see for yourself, try sending the following payload to Mongoose:

```
POST / HTTP/1.1\r\n
Host: a\r\n
Transfer-Encoding: chunked\r\n
\r\n
1\r\n
Z\r\n
\r\n
\r\n
GET / HTTP/1.1\r\n
Host: a\r\n
\r\n
```

The first of these requests is invalid because its last chunk has no size. The correct behavior is to reject such requests. Mongoose instead processes this payload as 2 separate requests, without acknowledging the malformation.

This is potentially useful for request smuggling, because many servers ignore extra CRLFs between valid chunks.
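A strict chunk-framing check of the kind the report asks for, as an added example that is not part of the original issue and is not Mongoose code. The function name `strict_chunked_len` and its return convention are assumptions made for illustration; chunk extensions and trailers are rejected to keep it short.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

static int hexval(char c) {
  if (c >= '0' && c <= '9') return c - '0';
  if (c >= 'a' && c <= 'f') return c - 'a' + 10;
  if (c >= 'A' && c <= 'F') return c - 'A' + 10;
  return -1;
}

/* Hypothetical helper, not a Mongoose function. Returns the number of bytes
 * occupied by a complete chunked body, 0 if more data is needed, or -1 if
 * the framing is malformed. Assumption: chunk extensions and trailers are
 * rejected to keep the example short. */
long strict_chunked_len(const char *buf, size_t len) {
  size_t i = 0;
  for (;;) {
    size_t size = 0, digits = 0;
    int v;
    while (i < len && (v = hexval(buf[i])) >= 0) {
      if (++digits > 7) return -1;        /* bound the size, no overflow */
      size = size * 16 + (size_t) v;
      i++;
    }
    if (i == len) return 0;               /* size line still incomplete */
    if (digits == 0) return -1;           /* chunk-size needs >= 1 hex digit */
    if (len - i < 2) return 0;
    if (buf[i] != '\r' || buf[i + 1] != '\n') return -1;
    i += 2;
    if (len - i < size + 2) return 0;     /* chunk data + CRLF not all here */
    if (buf[i + size] != '\r' || buf[i + size + 1] != '\n') return -1;
    i += size + 2;
    if (size == 0) return (long) i;       /* 0\r\n\r\n ends the body */
  }
}

int main(void) {
  /* Constructed inputs: the body from the report, and a well-formed one. */
  const char *bad = "1\r\nZ\r\n\r\n\r\nGET / HTTP/1.1\r\nHost: a\r\n\r\n";
  const char *good = "1\r\nZ\r\n0\r\n\r\nGET / HTTP/1.1\r\nHost: a\r\n\r\n";
  printf("report body: %ld\n", strict_chunked_len(bad, strlen(bad)));
  printf("valid body:  %ld\n", strict_chunked_len(good, strlen(good)));
  return 0;
}
```

A caller would answer a -1 result with a 400 response and close the connection rather than continue parsing the remaining bytes as a new request.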