diff options
-rw-r--r-- | NEWS.md | 5 | ||||
-rw-r--r-- | src/catlfish_web.erl | 9 |
2 files changed, 12 insertions, 2 deletions
@@ -7,7 +7,10 @@ order for signing nodes to generate an SCT for it. This prevents a rouge frontend node from sending out an SCT for an entry that will never be merged. An effect of this is that the SCT cache is now - mandatory and can not be disabled. + mandatory and can not be disabled (closes CATLFISH-28). + +- Allow HTTP POST body sizes up to 10MB, when sent in chunks up to 1MB + in size (closes CATLFISH-98). ## Bug fixes diff --git a/src/catlfish_web.erl b/src/catlfish_web.erl index 2ddd7ed..8cf3092 100644 --- a/src/catlfish_web.erl +++ b/src/catlfish_web.erl @@ -4,6 +4,9 @@ -module(catlfish_web). -export([start/3, loop/2]). +%% Max size of POST body, in octets. +-define(MAX_RECV_BODY, 10*1024*1024). % 10MB. + start(Options, Module, Name) -> lager:debug("Starting catlfish web server: ~p", [Module]), Loop = fun (Req) -> @@ -62,7 +65,7 @@ loop(Req, Module) -> Req:respond(Result) end; 'POST' -> - Body = Req:recv_body(), + Body = Req:recv_body(?MAX_RECV_BODY), Result = case http_auth:verify_auth(AuthHeader, "POST", Path, Body) of failure -> @@ -91,6 +94,10 @@ loop(Req, Module) -> Req:respond({501, [], []}) end catch + exit:{body_too_large, What} -> + lager:info("HTTP POST body too large: ~p", [What]), + Req:respond({413, [{"Content-Type", "text/plain"}], + "Request Entity Too Large\n"}); Type:What -> [CrashFunction | Stack] = erlang:get_stacktrace(), lager:error("Crash in ~p for path ~p: ~p ~p~n~p~n~p~n", |