Limit accepted request body size in HTTP listener
aperezdc opened this issue · comments
The following plugins accept HTTP requests (via httpevent
), and should put a limit on the size of the body of accepted requests:
-
github
-
travis
-
webhook
Ideally: A sane default for the maximum size of request bodies should be used by each plugin, optionally allowing for tweaking via the configuration file.
This is harder than it should when using the net.http
module from Prosody: the actual reading of data is buried in net.server_select
, which does have maximum read/write buffer length settings, but unfortunately the module is used also for XMPP communication, and tweaking the sizes may end up in breaking XMPP processing 😞
For now I am settling on defining a max_request_size
setting for the httpevent
plugin, and check it against the Content-Length
header (or, if not available, the size of the received body, #request.body
). It's better than nothing.