RequestBodyParserMiddleware does not reject requests that exceed post_max_size #263
Conversation
| // request body of unknown size exceeding limit during buffering | ||
| if ($error instanceof OverflowException) { | ||
| return new Response(413, array('Content-Type' => 'text/plain'), 'Request body exceeds allowed limit'); | ||
| return $stack($request); |
There was a problem hiding this comment.
Awesome, I think these changes make perfect sense 👍
One question that remains is, when should the next handler be called? It's my understanding that this middleware handler should still wait for the complete request to end before proceeding. This basically means that this middleware will wait for the complete request body anyway and that we simply ignore its contents.
Also, I wonder what should happen with Content-Length (remove?) and getBody()->getSize() (set to 0?) etc. We should probably ensure to only pass updated values to the next consumer.
Can you update this to include some tests and documentation for this? 👍
There was a problem hiding this comment.
One question that remains is, when should the next handler be called? It's my understanding that this middleware handler should still wait for the complete request to end before proceeding. This basically means that this middleware will wait for the complete request body anyway and that we simply ignore its contents.
Adding tests next so we can ensure the right behavior.
Can you update this to include some tests and documentation for this? 👍
It's on the list, but wanted code out first so we can discuss before spending time on documentation.
|
@clue added test that ensures the request isn't handled until the full request is in, also implemented that 🎉 . Updating documentation next |
| $body->on('close', function () use ($stack, $request, $resolve) { | ||
| $resolve($stack($request)); | ||
| }); | ||
| }); |
There was a problem hiding this comment.
Changes LGTM, but this is currently missing a cancellation handler. Maybe use Stream\first() instead?
There was a problem hiding this comment.
Good catch, I'll look into it 👍
There was a problem hiding this comment.
Not sure how relevant this is here, what do you think about reactphp/promise-stream#7?
|
@clue using |
| } | ||
|
|
||
| public function testExcessiveSizeReturnsError413() | ||
| public function testExcessiveSizeBodyIsDisgardedTheRequestIsPassedDownToTheNextMiddleware() |
README.md
Outdated
| rejected with a `413` (Request Entity Too Large) error message without calling | ||
| the next middleware handlers. | ||
| accepted but their request body will not be added to the request. Browsers consider | ||
| a request failed when a response is sent before the entire request has gone out. |
There was a problem hiding this comment.
This is valid remark, but it is actually unrelated to this PR. I will remove this line for now and will make sure file a new ticket to keep track of this 👍
There was a problem hiding this comment.
See #273 for follow-up discussion about this 👍
👍
|
@jsor ping! |
Implements / closes #254