You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
HTTP does not specify a limit on request body size but allows implementations to enforce one to allow bounding of resource usage. Even if the actual request body is small, direct usage of a client-supplied Content-Length header can cause excessive memory usage potentially leading to a denial-of-service. Dropshot has a config option to set a maximum request body size but no test to verify that that limit is enforced for this case.
The text was updated successfully, but these errors were encountered:
HTTP does not specify a limit on request body size but allows implementations to enforce one to allow bounding of resource usage. Even if the actual request body is small, direct usage of a client-supplied Content-Length header can cause excessive memory usage potentially leading to a denial-of-service. Dropshot has a config option to set a maximum request body size but no test to verify that that limit is enforced for this case.
The text was updated successfully, but these errors were encountered: