fix/upload-size-check #7

Merged
patillacode merged 2 commits from fix/upload-size-check into main 2026-05-31 20:09:10 +02:00
Owner
  • Add early Content-Length header check in the upload handler: rejects obviously oversized requests before reading a
    single byte of the body
  • Replace await file.read() with an 8 KB chunked read loop that aborts as soon as the accumulated buffer exceeds
    max_upload_size, preventing the full body from ever being buffered in memory
  • Both layers use the existing max_upload_size setting and return the same HTTP 413 response

Previously a client could force the server to allocate up to 5 MB of memory per request regardless of the configured
cap, since the size check only fired after the full body was already in memory.

patillacode deleted branch fix/upload-size-check 2026-05-31 20:09:10 +02:00
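
The two layers described in this pull request, as an added sketch that is not the project's own code: a declared-size check on `Content-Length`, then an 8 KB chunked read that aborts once the buffer passes the cap. `FakeUpload`, `read_capped`, `try_upload`, `PayloadTooLarge` and the 64 KB limit are assumptions constructed for illustration; only the 8 KB chunk size, the `max_upload_size` setting name and the 413 status come from the description.

```python
import asyncio

CHUNK_SIZE = 8 * 1024          # 8 KB, as in the PR description
MAX_UPLOAD_SIZE = 64 * 1024    # constructed value standing in for max_upload_size


class PayloadTooLarge(Exception):
    """Maps to the HTTP 413 response both layers return."""
    status_code = 413


class FakeUpload:
    """Constructed stand-in for an upload object exposing `await read(n)`."""
    def __init__(self, body: bytes):
        self._body, self._pos = body, 0

    async def read(self, n: int) -> bytes:
        chunk = self._body[self._pos:self._pos + n]
        self._pos += len(chunk)
        return chunk

    @property
    def bytes_consumed(self) -> int:
        return self._pos


async def read_capped(headers: dict, upload, limit: int = MAX_UPLOAD_SIZE) -> bytes:
    # Layer 1: reject on the declared size before touching the body.
    declared = headers.get("content-length", "")
    if declared.isdecimal() and int(declared) > limit:
        raise PayloadTooLarge("declared size exceeds limit")
    # Layer 2: the header can be absent or wrong, so enforce the cap while reading.
    buf = bytearray()
    while chunk := await upload.read(CHUNK_SIZE):
        buf += chunk
        if len(buf) > limit:
            raise PayloadTooLarge("body exceeds limit")
    return bytes(buf)


def try_upload(body: bytes, headers: dict) -> tuple[int, int]:
    """Return (status, bytes read from the body) for one constructed request."""
    upload = FakeUpload(body)
    try:
        asyncio.run(read_capped(headers, upload))
        return 200, upload.bytes_consumed
    except PayloadTooLarge as exc:
        return exc.status_code, upload.bytes_consumed
```

With a missing or understated `Content-Length`, the second layer stops after at most one chunk past the limit, which is the memory bound the chunked loop provides.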
Reference
patillacode/dropit!7