Folks, I have been looking at bug 37794 [1]
My reading of RFC2616 is that chunked requests with POST are OK. I have a patch that will handle chunked requests. In a similar manner to non-chunked requests, it reads the data into a buffer and then processes it. The question is what to do if we read more than maxPostSize? For non-chunked requests the behaviour is: - check the content length - if the length is greater than maxPostSize, log a "POST too large" message at debug level and skip processing request body - the request body is still there if the app wants to read it (although if it does, why set maxPostSize...) For chunked request bodies, the content length is unknown. We can track how many bytes we have read. If we read more the maxPostSize, what do we do? a) Throw an exception that leads to a 500 response? b) Drop what we have read already and ignore the rest? c) Process what we have already and ignore the rest (there will almost certainly be some invalid data at the end of the buffer in this case - this will be skipped)? d) Something else? I am currently leaning towards a) but wanted to get some feedback before finalising my proposed patch. Thoughts? Mark [1] https://issues.apache.org/bugzilla/show_bug.cgi?id=37794 --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
