Skip to content

Commit

Permalink
Add ReadHeaderTimeout for security
Browse files Browse the repository at this point in the history 
Closes #821

Signed-off-by: Doug Davis <dug@microsoft.com>
  • Loading branch information
Doug Davis committed Dec 8, 2022
1 parent 2298be0 commit ca9aea8
Show file tree
Hide file tree
Showing 2 changed files with 5 additions and 2 deletions.
2 changes: 2 additions & 0 deletions v2/protocol/http/abuse_protection.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@ import (
"net/http"
"strconv"
"strings"
"time"
)

type WebhookConfig struct {
Expand All @@ -23,6 +24,7 @@ type WebhookConfig struct {

const (
DefaultAllowedRate = 1000
DefaultReadTimeout = time.Second * 600
)

// TODO: implement rate limiting.
Expand Down
5 changes: 3 additions & 2 deletions v2/protocol/http/protocol_lifecycle.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -38,8 +38,9 @@ func (p *Protocol) OpenInbound(ctx context.Context) error {
}

p.server = &http.Server{
Addr: listener.Addr().String(),
Handler: attachMiddleware(p.Handler, p.middleware),
Addr: listener.Addr().String(),
Handler: attachMiddleware(p.Handler, p.middleware),
ReadHeaderTimeout: DefaultReadTimeout,
}

// Shutdown
Expand Down

0 comments on commit ca9aea8

Please sign in to comment.