Re: [Django] #35289: Chunked transfer encoding is not handled correctly by MultiPartParser

Mon, 18 Mar 2024 08:11:20 -0700 

#35289: Chunked transfer encoding is not handled correctly by MultiPartParser
-------------------------------------+-------------------------------------
     Reporter:  Kyle Agronick        |                    Owner:  nobody
         Type:  Bug                  |                   Status:  new
    Component:  HTTP handling        |                  Version:  dev
     Severity:  Normal               |               Resolution:
     Keywords:  transfer-encoding,   |             Triage Stage:  Accepted
  chunked, multi-part                |
    Has patch:  0                    |      Needs documentation:  0
  Needs tests:  0                    |  Patch needs improvement:  0
Easy pickings:  0                    |                    UI/UX:  0
-------------------------------------+-------------------------------------
Comment (by Kyle Agronick):

 I can make a patch. There are a few ways to fix this. I think the best way
 should be a new upload file handler that is the default which uses
 `SpooledTemporaryFile` so it can cleanly fall back if there is too much
 data while being fast for small requests. I think we also need to check
 `DATA_UPLOAD_MAX_MEMORY_SIZE` as we are reading the stream into the temp
 file and throw a `SuspiciousOperation` if we read too much. Looking at the
 docs it seems `FILE_UPLOAD_MAX_MEMORY_SIZE` and
 `DATA_UPLOAD_MAX_MEMORY_SIZE` are named similarly but one controls if we
 write to disk and one controls if we abort the request.

 That is a bit ambitious considering I've never contributed to Django and
 would probably require deprecating the current handlers. If we don't want
 to do the ambitious approach, the check in `MemoryFileUploadHandler` that
 does `self.activated = content_length <=
 settings.FILE_UPLOAD_MAX_MEMORY_SIZE` could be `self.activated =
 content_length and content_length <= settings.FILE_UPLOAD_MAX_MEMORY_SIZE`
 and cause all requests that don't have a content-length to fall back to
 `TemporaryFileUploadHandler` in the default configuration. That would mean
 `MemoryFileUploadHandler` won't work with chunked transfer-encoding
 without a content-length. Perhaps add a note in the docs since reading an
 unspecified content-length into memory is dangerous anyways.

 Thoughts?
-- 
Ticket URL: <https://code.djangoproject.com/ticket/35289#comment:10>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/0107018e521de332-7c8a59c5-6f3c-4502-aebf-ff7db655a1d5-000000%40eu-central-1.amazonses.com.

Reply via email to