[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [libmicrohttpd] unable to respond before reading entire incoming pay
From: |
Christian Grothoff |
Subject: |
Re: [libmicrohttpd] unable to respond before reading entire incoming payload |
Date: |
Tue, 13 Dec 2016 07:26:48 +0100 |
User-agent: |
Mozilla/5.0 (X11; Linux i686; rv:45.0) Gecko/20100101 Thunderbird/45.2.0 |
On 12/12/2016 08:39 PM, Evgeny Grin wrote:
> Hi,
>
>> I am provoking a request for 'Payload too large' for our MHD server, by
>> using curl sending a short request (~25 bytes) but adding a Content-Len
>> header of a lot more (2 megabytes).
>
> To clarify: you are not providing some large request body, you are just
> added Content-Length header?
>
>> In our case the maximum payload we accept is a megabyte.
>>
>> So, in the mhd callback routines we detect the Content-Len header (and
>> probably read the 25 bytes of payload as well, haven't checked) and when
>> we see that the Content-Len header value is beyond our allowed max size,
>> we want to return a response with a payload telling the user about the
>> error.
>>
>> We've tried to set the upload_data_size pointer to point to ZERO,
>> awaiting the last call to the callback, but it never comes.
>>
>> Probably due to that MHD still believes there is more data to read.
>>
>> Using MHD_OPTION_CONNECTION_TIMEOUT, at least the connection resets
>> instead of hangs, but ... we'd like to send that response ...
>>
>> Is there any way to accomplish what we want?
>
> If request has header that indicated 2megs size of request body, MHD
> will read whole request before sending response. So if request has only
> header indicating that body is 2MB, but body is absent or smaller - MHD
> will wait for for whole 2MB (indefinitely or until timeout).
>
> If you request is real 2MB size and you don't want to process it, you
> can read whole 2MB, but ignore it and send response with error.
> Alternatively - you can abort connection, but if client is web-browser,
> it will repeat sending request.
>
Actually, I think this is a "100 continue"-question. *IF* the client is
using the "Expect" header to indicate that it is waiting for the
100-Continue response (which it should for HTTP/1.1), THEN you can avoid
receiving the 2 MB upload by immediately (upon the first time you get
the main callback) queueing a response. So you do not wait until you
get _any_ upload data. That's really why MHD calls the callback 2+x
times for POST: 1x to give you a chance to reject, x-times to process
upload data, and finally to give you a chance to reply. So if on the
very first callback (when all you have is the headers) you find that the
client supports/requires 100-continue (or an error), then DO reply
immediately with your error code and a (compliant) client will not even
attempt the upload.
Happy hacking!
Christian
signature.asc
Description: OpenPGP digital signature