Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: add support for limit header size #1684

Closed
wants to merge 14 commits into from
Closed

feat: add support for limit header size #1684

wants to merge 14 commits into from

Conversation

iudeen
Copy link
Contributor

@iudeen iudeen commented Oct 1, 2022
edited
Loading

Implemented a feature discussed in #157

Note:
I am still figuring out how to add this in h11 implementation. But as per #157 (comment) we do not need there.

@iudeen
Copy link
Contributor Author

iudeen commented Oct 1, 2022

Some tests are failing because of huge headers. Should we not default to 8190, and use only if the argument is passed?

iudeen
iudeen commented Oct 1, 2022
View reviewed changes
uvicorn/protocols/http/httptools_impl.py
@@ -237,6 +241,12 @@ def on_header(self, name: bytes, value: bytes) -> None:
if name == b"expect" and value.lower() == b"100-continue":
self.expect_100_continue = True
self.headers.append((name, value))
if self.config.limit_request_header_size and (
Copy link
Contributor Author

@iudeen iudeen Oct 1, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I wanted to check lengths of name and values individually. Is this the right approach? Or should we combine? len(name+value)?

iudeen
iudeen commented Oct 1, 2022
View reviewed changes
uvicorn/main.py
type=int,
default=0,
is_flag=False,
flag_value=8190,
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

8190 is standard value used by Gunicorn, IBM server, etc.

@iudeen
Copy link
Contributor Author

iudeen commented Oct 1, 2022

Thanks @Kludex for pointing out an example test :)

BilalAlpaslan
BilalAlpaslan approved these changes Oct 2, 2022
View reviewed changes
uvicorn/protocols/http/httptools_impl.py
@@ -154,7 +155,10 @@ def data_received(self, data: bytes) -> None:
try:
self.parser.feed_data(data)
except httptools.HttpParserError:
msg = "Invalid HTTP request received."
if self.header_too_big:
msg = "Header size exceeds limit"
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

it sould be return http 431 Request Header Fields Too Large
https://www.rfc-editor.org/rfc/rfc6585#section-5

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Makes sense, thanks!

But I'm not sure if there's a straightforward way to raise or respond with status code other than 400.

May be we need a helper function similar to send400response for other status codes.

@Kludex
Copy link
Member

Kludex commented Oct 19, 2022

We should be able to stop when we are about to reach the limit, not from the chunk itself. When we have the chunk of data, it's already too late.

I'm not sure if this is possible without changing httptools itself. Let's follow MagicStack/httptools#87

@iudeen
Copy link
Contributor Author

iudeen commented Oct 19, 2022

So shall we close this PR now?

@iudeen iudeen closed this Oct 19, 2022
@Kludex Kludex mentioned this pull request Jun 28, 2023
Closed
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@BilalAlpaslan BilalAlpaslan BilalAlpaslan approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@iudeen @Kludex @BilalAlpaslan