-
Notifications
You must be signed in to change notification settings - Fork 269
New issue
Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? # to your account
Maximum allowed size for HTTP headers? #398
Comments
Currently there's a hard-coded limit of 1000 on the number of headers; see https://github.com/klacke/yaws/blob/master/src/yaws.erl#L2697 and https://github.com/klacke/yaws/blob/master/src/yaws.erl#L2835-L2836 . I agree it would be better to have a configurable size limit instead. |
Sorry if I was unclear, but I meant the max allowed size of a header value. |
Yes, I agree that also needs to be addressed. |
Note BTW that the maximum length of a request header is controlled by the |
Yes, and no. Getting the headers is done by calling |
I don't see how it can get an infinite line given the max packet size of 16#4000 set on the socket. I've run experiments with headers that exceed the 16#4000 limit and as I mentioned earlier, |
Yes, a clean installation does not express the problem with long lines. I will investigate. |
Should Yaws have a way to limit the acceptable size of the received HTTP headers?
I think so :-)
See also: https://stackoverflow.com/questions/686217/maximum-on-http-header-values
The text was updated successfully, but these errors were encountered: