Aias00 opened a new pull request, #977: URL: https://github.com/apache/dubbo-go-pixiu/pull/977
## What Limit the HTTP hot reload request body to 1 MiB before parsing reload YAML, and return `413 Request Entity Too Large` when the limit is exceeded. The reload token comparison now uses constant-time comparison. ## Why The handler previously used `io.ReadAll(r.Body)` without a size limit, which allowed an authenticated caller to force excessive memory use with a large reload body. ## Testing - `go test ./pkg/hotreload` - `git diff --check` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
