On 30/06/2020 03:12, Bhavesh Mistry wrote: > Hi Mark, > > Thank you for responding. I have one more question. This is spring-boot 2 > application REST API server and it does not accept Cookie or session > (timeout is set to zero). Auth happens through Authorized header. We > have set 10mb for maxPostSize. Does maxSavePostSize takes precedence over > maxPostSize ?
No. They are different settings. > I will set maxSavePostSize to -1 to disable it. That is a DoS risk. > Also, I have another question. When Payload is as large as 10mb (json > post), does payload body in JVM MEMORY or offloaded to FileInputStream ? Where POST data is saved for authentication is, it is always in memory. For other POSTs, it will depend on the application configuration and/or code. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org