[Twisted-Python] Limit headers by size and not by number in twisted.web
Adi Roiban
adi at roiban.ro
Wed Jan 22 05:15:27 MST 2014
Hi,
I have checked twisted.web.http.HTTPChannel and I see that it limits the
headers by number and not by size.
https://github.com/twisted/twisted/blob/trunk/twisted/web/http.py#L1596
Maybe I don't see the big picture, but wouldn't this allow the server to
load in memory a request with a single header of 1G ?
Other than changing the HTTPChannel.lineReceived() implementation, is there
a way to limit header size?
I did a quick test and the server accepted an 1M cookie value without any
problem.
curl --cookie cookies.txt http://localhost:8080
cookies.txt in in this format https://gist.github.com/adiroiban/8557725
It this a feature or a bug?
Many thanks!
--
Adi Roiban
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://twistedmatrix.com/pipermail/twisted-python/attachments/20140122/c1050e15/attachment.html>
More information about the Twisted-Python
mailing list