It is is possible to implement early rejection of HTTP requests when the Content-Length header indicates a value larger than the maximum configured request length. This would be beneficial to avoid unnecessary processing of oversized requests.
The relevant code section is located at
|
if (contentLengthStr != null) { |
|
long contentLength; |
|
try { |
|
contentLength = Long.parseLong(contentLengthStr); |
|
} catch (NumberFormatException ignored) { |
|
contentLength = -1; |
|
} |
|
if (contentLength < 0) { |
|
fail(id, headers, HttpStatus.BAD_REQUEST, "Invalid content length", null); |
|
return; |
|
} |
|
|
|
contentEmpty = contentLength == 0; |
|
} else { |
|
contentEmpty = true; |
|
} |
for H1 and
|
final String contentLengthStr = headers.get(HttpHeaderNames.CONTENT_LENGTH); |
|
if (contentLengthStr != null) { |
|
long contentLength; |
|
try { |
|
contentLength = Long.parseLong(contentLengthStr); |
|
} catch (NumberFormatException ignored) { |
|
contentLength = -1; |
|
} |
|
if (contentLength < 0) { |
|
writeErrorResponse(streamId, headers, HttpStatus.BAD_REQUEST, |
|
"Invalid content length", null); |
|
return; |
|
} |
|
} |
for H2.
discord discussion: https://discord.com/channels/1087271586832318494/1087272728177942629/1275651316034699327