From 6d6d7a1a67fc7e810122e0942f422190c975b45f Mon Sep 17 00:00:00 2001
From: Linus Nordberg
Date: Fri, 3 Mar 2017 14:31:10 +0100
Subject: Return HTTP code 413 when body in POST is too large.
---
 src/catlfish_web.erl | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/src/catlfish_web.erl b/src/catlfish_web.erl
index 2ddd7ed..52441fc 100644
--- a/src/catlfish_web.erl
+++ b/src/catlfish_web.erl
@@ -91,6 +91,10 @@ loop(Req, Module) ->
 Req:respond({501, [], []})
 end
 catch
+ exit:{body_too_large, What} ->
+ lager:info("HTTP POST body too large: ~p", [What]),
+ Req:respond({413, [{"Content-Type", "text/plain"}],
+ "Request Entity Too Large\n"});
 Type:What ->
 [CrashFunction | Stack] = erlang:get_stacktrace(),
 lager:error("Crash in ~p for path ~p: ~p ~p~n~p~n~p~n",
-- cgit v1.1
From 8579acaece04a06cd05fc628e8737abda3836330 Mon Sep 17 00:00:00 2001
From: Linus Nordberg
Date: Wed, 8 Mar 2017 12:49:37 +0100
Subject: Allow 10MB of POST body.
---
 NEWS.md | 5 ++++-
 src/catlfish_web.erl | 5 ++++-
 2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/NEWS.md b/NEWS.md
index 52d2017..a330628 100644
--- a/NEWS.md
+++ b/NEWS.md
@@ -7,7 +7,10 @@ order for signing nodes to generate an SCT for it. This prevents a rouge frontend node from sending out an SCT for an entry that will never be merged. An effect of this is that the SCT cache is now - mandatory and can not be disabled. + mandatory and can not be disabled (closes CATLFISH-28). + +- Allow HTTP POST body sizes up to 10MB, when sent in chunks up to 1MB + in size (closes CATLFISH-98). ## Bug fixes
diff --git a/src/catlfish_web.erl b/src/catlfish_web.erl
index 52441fc..8cf3092 100644
--- a/src/catlfish_web.erl
+++ b/src/catlfish_web.erl
@@ -4,6 +4,9 @@
 -module(catlfish_web).
 -export([start/3, loop/2]).
+%% Max size of POST body, in octets.
+-define(MAX_RECV_BODY, 10*1024*1024). % 10MB.
+
 start(Options, Module, Name) ->
 lager:debug("Starting catlfish web server: ~p", [Module]),
 Loop = fun (Req) ->
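Review bot: The new `exit:{body_too_large, What}` clause in loop/2's catch logs only `What`, so an operator cannot tell which client or endpoint keeps sending oversized bodies, and this clause is the one place where that pattern becomes visible. Assuming `Req` is a mochiweb request (the `Req:respond`/`Req:recv_body` calls suggest so), the log line could be `lager:info("HTTP POST body too large (~p) from ~p for ~p", [What, Req:get(peer), Req:get(path)]),`. It is also worth confirming that the connection is closed after the 413, because the clause can fire while part or all of the request body is still unread on the socket; the hunk does not show how the server treats that case. The try body and the remainder of the catch-all clause lie outside the hunk.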
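Review bot: `?MAX_RECV_BODY` expands to the bare token sequence `10*1024*1024`, so a later use next to an operator of equal precedence (for example `X rem ?MAX_RECV_BODY` or `X div ?MAX_RECV_BODY`) would group differently from what the name suggests; wrapping the body avoids that: `-define(MAX_RECV_BODY, (10*1024*1024)).`. The comment could also say that this is the most a single request can make the node buffer, which is the number an operator needs when sizing memory and connection limits. A cap of this kind is usually easier to operate as a configuration value than as a compile-time constant.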
@@ -62,7 +65,7 @@ loop(Req, Module) -> Req:respond(Result) end; 'POST' -> - Body = Req:recv_body(), + Body = Req:recv_body(?MAX_RECV_BODY), Result = case http_auth:verify_auth(AuthHeader, "POST", Path, Body) of failure -> -- cgit v1.1
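Review bot: In the 'POST' branch the body is read with `Req:recv_body(?MAX_RECV_BODY)` before `http_auth:verify_auth(AuthHeader, "POST", Path, Body)` runs, so with the raised cap any client, authenticated or not, can make the node hold up to 10MB per request in memory. The visible call passes `Body` to the auth check, so the read presumably cannot simply be moved after it. I would at least record the trade-off next to the call, e.g. `%% Body is buffered in full (up to ?MAX_RECV_BODY) before authentication; size connection limits accordingly.`, and consider a smaller cap for paths that never need large bodies. The rest of the 'POST' branch is outside the hunk.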