Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

RequestBodyParserMiddleware does not reject requests that exceed post_max_size #263

Merged
merged 3 commits into from
Dec 8, 2017

Conversation

WyriHaximus
Copy link
Member

Implements / closes #254

// request body of unknown size exceeding limit during buffering
if ($error instanceof OverflowException) {
return new Response(413, array('Content-Type' => 'text/plain'), 'Request body exceeds allowed limit');
return $stack($request);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Awesome, I think these changes make perfect sense 👍

One question that remains is, when should the next handler be called? It's my understanding that this middleware handler should still wait for the complete request to end before proceeding. This basically means that this middleware will wait for the complete request body anyway and that we simply ignore its contents.

Also, I wonder what should happen with Content-Length (remove?) and getBody()->getSize() (set to 0?) etc. We should probably ensure to only pass updated values to the next consumer.

Can you update this to include some tests and documentation for this? 👍

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

One question that remains is, when should the next handler be called? It's my understanding that this middleware handler should still wait for the complete request to end before proceeding. This basically means that this middleware will wait for the complete request body anyway and that we simply ignore its contents.

Adding tests next so we can ensure the right behavior.

Can you update this to include some tests and documentation for this? 👍

It's on the list, but wanted code out first so we can discuss before spending time on documentation.

@WyriHaximus
Copy link
Member Author

@clue added test that ensures the request isn't handled until the full request is in, also implemented that 🎉 . Updating documentation next

$body->on('close', function () use ($stack, $request, $resolve) {
$resolve($stack($request));
});
});
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changes LGTM, but this is currently missing a cancellation handler. Maybe use Stream\first() instead?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good catch, I'll look into it 👍

Copy link
Member

@clue clue Nov 28, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not sure how relevant this is here, what do you think about reactphp/promise-stream#7?

@WyriHaximus
Copy link
Member Author

@clue using Stream\first() now and updated documentation

}

public function testExcessiveSizeReturnsError413()
public function testExcessiveSizeBodyIsDisgardedTheRequestIsPassedDownToTheNextMiddleware()
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Disgarded -> DiscardedAnd

README.md Outdated
rejected with a `413` (Request Entity Too Large) error message without calling
the next middleware handlers.
accepted but their request body will not be added to the request. Browsers consider
a request failed when a response is sent before the entire request has gone out.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is valid remark, but it is actually unrelated to this PR. I will remove this line for now and will make sure file a new ticket to keep track of this 👍

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

See #273 for follow-up discussion about this 👍

Copy link
Member

@clue clue left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for working on this! The changes LGTM, I've squashed some of your changes and updated the documentation slightly, now let's get this in :shipit: 👍

@WyriHaximus
Copy link
Member Author

@jsor ping!

@jsor jsor merged commit 64e0b90 into reactphp:master Dec 8, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

RequestBodyBufferMiddleware should not reject requests that exceed post_max_size
3 participants