Comments (4)
bwehrle
commented on June 14, 2024
1
This now makes sense:
- Body will never contain content chunks because we're using an HttpObjectAggregator
- The aggregator has a limit which is set to 1MB
- This approach applies that maximum content size (note: this value is not exposed in the configuration)
- Netty already has a default max header size as well
I think we can close this issue.
from xoom-http.
bwehrle
commented on June 14, 2024
This also might exist for other aspects of the HTTP Request (headers, path or other elements)
from xoom-http.
VaughnVernon
commented on June 14, 2024
Thanks @bwehrle! Internally we use Netty, especially on Linux-based systems due to a strange JDK error in polling socket channels on Linux. We do declare a buffer limit of 1 MB for Netty, but I don't know if this is supposed to prevent the kinds of attacks you suggest looking out for. If so then it should be covered.
This is used by all normal ServerActor instances, and it enables the service/application to set its own limit:
This is used when an HttpAgent is specifically requested:
from xoom-http.
bwehrle
commented on June 14, 2024
Let me check the underlying wire system and if its using a specified limit or if that buffer limit is sufficient.
from xoom-http.
Related Issues (20)
- Allow RequestHandler* to return subclasses of Response HOT 15
- Support SSL HOT 5
- Eliminate Bare TestUntil Uses HOT 2
- Connection-based Async Client HOT 1
- Binary Request Body
- Need Filter Chain Support HOT 1
- The Fluent API with DynamicResource Is Not Correctly Creating Pool Instances HOT 1
- Request handler withFailure causes blocked response HOT 4
- Content-Type text/plain is not supported HOT 3
- When Action.disallowPathParametersWithSlash is set to false, incorrect URIs are matched HOT 3
- Refactor Header Case-Insensitive Matching HOT 1
- SocketChannel looping infinitely while handling probe interval HOT 1
- Race Condition When Dispatcher Pool Used By HttpAgent
- Race Condition On Heavy Load
- ResourceBuilder should treat trailing slash optional HOT 6
- Response Without a Body Fails
- Request and Response Content-Length Must Use Bytes Count HOT 2
- Request response of exotic unicode characters seems broken HOT 4
- Support for compressed body POST/PUT media types HOT 7
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from xoom-http.