This is an automated email from the ASF dual-hosted git repository. paulrutter pushed a commit to branch maintenance/FELIX-6776-Introduce-way-to-restrict-request-and-response-size in repository https://gitbox.apache.org/repos/asf/felix-dev.git
commit 128784ebb69c288ac6277b4e18a60d7b594fee6d Author: Paul Rütter <[email protected]> AuthorDate: Wed May 7 20:15:42 2025 +0200 FELIX-6776 Introduce way to restrict request and response size - introduce org.apache.felix.http.jetty.requestSizeLimit and org.apache.felix.http.jetty.responseSizeLimit - If either one is configured, the SizeLimitHandler will be configured, see https://jetty.org/docs/jetty/12/programming-guide/server/http.html#handler-use-size-limit - -1 is the default for both, which means unlimited. - Updated README.md for new properties --- http/README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/http/README.md b/http/README.md index cbe938488c..f7a7a3cf6e 100644 --- a/http/README.md +++ b/http/README.md @@ -411,9 +411,9 @@ properties can be used (some legacy property names still exist but are not docum | `org.apache.felix.http.jetty.headerBufferSize` | Size of the buffer for request and response headers, in bytes. Default is 16 KB. [...] | `org.apache.felix.http.jetty.requestBufferSize` | Size of the buffer for requests not fitting the header buffer, in bytes. Default is 8 KB. [...] | `org.apache.felix.http.jetty.responseBufferSize` | Size of the buffer for responses, in bytes. Default is 24 KB. [...] -| `org.apache.felix.http.jetty.maxFormSize` | The maximum size accepted for a form post, in bytes. Defaults to 200 KB. Deprecated in favor of `org.apache.felix.http.jetty.requestSizeLimit` since Jetty12 1.0.28. [...] -| `org.apache.felix.http.jetty.requestSizeLimit` | Maximum size of the request body for submitted form/multipart content. Default is unlimited. Added in Jetty12 1.0.30 as replacement of `org.apache.felix.http.jetty.maxFormSize`. [...] -| `org.apache.felix.http.jetty.responseSizeLimit` | Maximum size of a response. Default is unlimited. Default is unlimited. Added in Jetty12 1.0.30. [...] +| `org.apache.felix.http.jetty.maxFormSize` | The maximum size accepted for a form post, in bytes (ony applies to form parameters). Defaults to 200 KB. [...] +| `org.apache.felix.http.jetty.requestSizeLimit` | Maximum size of the request body in bytes. Default is unlimited. Added in Jetty12 1.0.30. [...] +| `org.apache.felix.http.jetty.responseSizeLimit` | Maximum size of the response body in bytes. Default is unlimited. Default is unlimited. Added in Jetty12 1.0.30. [...] | `org.apache.felix.http.mbeans` | If `true`, enables the MBean server functionality. The default is `false`. [...] | `org.apache.felix.http.jetty.sendServerHeader` | If `false`, the `Server` HTTP header is no longer included in responses. The default is `false`. [...] | `org.eclipse.jetty.servlet.SessionCookie` | Name of the cookie used to transport the Session ID. The default is `JSESSIONID`. [...]
